Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

when to use Statement over Prepared Statement?

When to use statement instead of prepared statement. i suppose statement is used in queries with no parameter but why not use prepared statement ? Which one is faster for queries with no params.

like image 868
Neo Avatar asked Jun 14 '11 12:06

Neo


People also ask

Why do we use PreparedStatement instead of Statement?

If you want to execute a Statement object many times, it usually reduces execution time to use a PreparedStatement object instead. The main feature of a PreparedStatement object is that, unlike a Statement object, it is given a SQL statement when it is created.

What is the difference between a Statement and a PreparedStatement?

Statement – Used to execute string-based SQL queries. PreparedStatement – Used to execute parameterized SQL queries.

Should I always use prepared statements?

You should always prefer working with prepared statements for the security benefits. They all but eliminate vulnerability to SQL injection, without you having to worry about SQL-escaping values. If you have a query that doesn't run often, though (less than once per request), a prepared statement can take longer to run.


2 Answers

I suppose statement is used in queries with no parameter but why not use prepared statement ?

That's not even close. PreparedStatements are used in the case of INSERT, UPDATE and DELETE statements that return a ResultSet or an update count. They will not work for DDL statements as pointed out by Joachim, and neither will they work for invocation of stored procedures where a CallableStatement ought to be used (this is not a difference between the two classes). As far as queries with no bind parameters are concerned, PreparedStatements can turn out to be better than Statements (see below).

Which one is faster for queries with no params.

PreparedStatements will turn out to be faster in the long run, over extended use in a single connection. This is because, although PreparedStatements have to be compiled, which would take some time (this really isn't a lot, so don't see this as a drawback), the compiled version essentially holds a reference to the SQL execution plan in the database. Once compiled, the PreparedStatement is stored in a connection specific cache, so that the compiled version may be reused to achieve performance gains. If you are using JDBC Batch operations, using PreparedStatements will make the execution of the batch much faster than the use of plain Statement objects, where the plan may have to be prepared time and again, if the database has to do so.

like image 177
Vineet Reynolds Avatar answered Oct 01 '22 21:10

Vineet Reynolds


That's depending on Your requirement.

If you have a SQL statement which runs in a loop or frequently with different parameters then PreparedStatement is the best candidate since it is getting pre-compiled and cache the execution plan for this parameterized SQL query. Each time it runs from the same PreparedStatement object it will use cached execution plan and gives the better performance.

Also SQL injection can be avoided using PreparedStatement .

But if you are sure that you run SQL query only once, sometimes Statement will be the best candidate since when you create PreparedStatement object sometimes it make additional db call, if the driver supports precompilation, the method Connection.prepareStatement(java.lang.String) will send the statement to the database for precompilation.

Read below article to understand "Statement Versus PreparedStatement"

  • Java Programming with Oracle JDBC
like image 38
Shyamal Madura Patabendige Avatar answered Oct 01 '22 23:10

Shyamal Madura Patabendige