Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

oracle jdbc programming(preaparedstatement setXXX vs inline sql) 1

Status
Not open for further replies.
lovekang

lovekang

Programmer
Feb 16, 2006
86
KR
case 1.
PreparedStatement pstmt = conn.getPreparedStatement();
pstmt.setString(1,"john");

case 2.
String sql = "select * from emp where user_id = '" +"john"+"'";

in the cases above, performance is segnificant ?
 
Sort by date Sort by votes
Hi

If you have to execute the SQL command more then once, prepared statements are certainly faster. But it is always a good idea to use [tt]PreparedStatement[/tt], because your second code is vulnerable to SQL injection. ( Unless you do not take care of it other way. ) By handling [tt]String[/tt]s with [tt]PreparedStatement[/tt] you reduce the possibility to run into character set mismatch problems.

Just some quickly picked ideas.

Feherke.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

soni21
  • Locked
  • Question
Choosing the Right Programming Language for Your Learning Path
Replies
2
Views
386
xwb
xwb
TariqMehmod
  • Locked
  • Question
Which JDBC Driver
Replies
1
Views
333
xwb
xwb
VeryMajorGeek
  • Locked
  • Question
Xml Download Temp vs Remote Xml Parse
Replies
1
Views
167
xwb
xwb
Moris53
  • Locked
  • Question
Java vs Kotlin 3
Replies
3
Views
196
Moris53
Moris53
Alex8419
  • Locked
  • Question
Connecting to SQL database in Java application
Replies
1
Views
164
Diancecht
Diancecht

Part and Inventory Search

Sponsor

Back
Top