PreparedStatement Interface Vs Statement Interface

Posted By : Harish Kalra | 30-May-2018

mysql

PreparedStatement Interface :

1. The principal advantage of utilizing a PreparedStatement is you can exploit the huge number of .setXYZ() methods, for example, .setString(), which enables your code to consequently escape extraordinary characters, for example, quotations inside the go in SQL explanation, keeping the constantly hazardous SQL injection attack.

2. Another advantage of a PreparedStatement is that the SQL itself is pre-compiled a solitary time and after that held in memory by the framework, as opposed to being compiled every last time the announcement is called. This takes into account quicker execution, especially when a PreparedStatement is utilized as a part of conjunction with batches, which enable you to execute an arrangement (or group) of SQL proclamations at the same time amid a solitary database connection

3. The final advantage of PreparedStatements that we’ll cover is the ability to insert abnormal data types into the SQL statement itself, such as Timestamp, InputStream, and many more.

Statement Interface :

1. Statement interface is utilized to execute ordinary SQL queries. You can't pass the parameters to SQL question at run time utilizing this interface. This interface is favored over other two interfaces in the event that you are executing a specific SQL inquiry just once. The execution of this interface is likewise less contrasted with other two interfaces. In a large portion of time, Statement interface is utilized for DDL statements like CREATE, ALTER, DROP and so forth.

2. The performance of this interface is superior to the Statement interface (when utilized for various execution of same query).

3. Cannot prevent from SQL injection attack