JDBC_Statement_PreparedStatement1
Using the Statement or PreparedStatement Interface
  • One ResultSet can exist per Statement or PreparedStatement at a given time.
  • You use PreparedStatement in place of Statement when the same statement is executed many times.
    • PreparedStatement:
      • binds values to ? placeholders instead of concatenating them into the SQL text, so special characters in the input are treated as data; this helps prevent SQL injection attacks
      • allows you to create dynamic (parameterized) queries
      • faster than Statement
      • It is FORWARD_ONLY
      • its parameters are indexed starting with 1
      • The ? is a placeholder, which is going to be filled later. In our case we will fill two values.
    • Example :
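      // c is an open java.sql.Connection
      String sql1 = "UPDATE emp SET sal = ? WHERE EMPNO = ?";
      PreparedStatement ps = c.prepareStatement(sql1);
      ps.setDouble(1, 1000.00);   // first ?  (sal)
      ps.setInt(2, 7369);         // second ? (EMPNO)
      ps.addBatch();              // queue this set of parameters
      ps.executeBatch();          // send the queued updates to the database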
  • Threads: when several threads access the server, use Statement.
    • You must use a separate statement for each thread.
    • The PostgreSQL™ JDBC driver is thread safe, meaning that if your application uses multiple threads, you don't have to implement complex algorithms to ensure that only one thread uses the database at a time.
      • While one thread is working, the others wait for their turn to connect to the DB.
      • Whenever a thread has to access the DB, it seeks the consent of a manager class to create a connection object.
      • Once the thread completes its task, the handle goes back to the connection manager. The downside of this system is that a connection pool used by different threads will eventually increase the load on the server, as a new session is created for each connection object.
      • The PHP platform offers FastCGI in this regard.
  • Prepared Statement
    • Instances of PreparedStatement contain an SQL statement that has already been compiled. This is what makes a statement "prepared".
    • Because PreparedStatement objects are precompiled, their execution can be faster than that of Statement objects.
    • The prepared statement is used to execute SQL queries.
  • CallableStatement: a CallableStatement object provides a way to call stored procedures in a standard way for all RDBMSs. A stored procedure is stored in a database; the call to the stored procedure is what a CallableStatement object contains.
  • Comparison:
    CallableStatement extends the capabilities of a PreparedStatement to include methods that are only appropriate for stored procedure calls. For example, the registerOutParameter() method is something only applicable to stored procedures since they have parameters with a direction (out, in, or in/out).
  • Use CallableStatement only when calling a stored procedure on the database, and use PreparedStatement for executing other statements such as SELECT, INSERT, UPDATE, etc.
  • Statement
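
As an added example (not code from the original page): the SQL injection point from the PreparedStatement list above, shown by running the same UPDATE once through a concatenated Statement and once through a bound PreparedStatement. The H2 in-memory URL, the ename column, the class and method names and the sample rows are assumptions made for the illustration.

```java
import java.sql.*;

public class PreparedVsStatement {
    // Vulnerable form: the value is concatenated into the SQL text.
    static int raiseConcat(Connection c, String ename) throws SQLException {
        try (Statement st = c.createStatement()) {
            return st.executeUpdate(
                "UPDATE emp SET sal = 1000.00 WHERE ename = '" + ename + "'");
        }
    }

    // Hardened form: the value is bound to placeholder 2 and is never parsed as SQL.
    static int raiseBound(Connection c, String ename) throws SQLException {
        String sql = "UPDATE emp SET sal = ? WHERE ename = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setDouble(1, 1000.00);   // placeholders are indexed from 1
            ps.setString(2, ename);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 in-memory database with its driver jar on the classpath.
        String url = args.length > 0 ? args[0] : "jdbc:h2:mem:demo";
        try (Connection c = DriverManager.getConnection(url)) {
            try (Statement st = c.createStatement()) {
                st.executeUpdate("CREATE TABLE emp (empno INT PRIMARY KEY, "
                    + "ename VARCHAR(20), sal DECIMAL(8,2))");
                // Constructed sample rows.
                st.executeUpdate("INSERT INTO emp VALUES "
                    + "(7369, 'SMITH', 800.00), (7499, 'ALLEN', 1600.00)");
            }
            // Constructed hostile input: the quote closes the string literal.
            String input = "SMITH' OR '1'='1";
            c.setAutoCommit(false);
            int concat = raiseConcat(c, input);  // WHERE clause becomes always true
            c.rollback();                        // undo the unintended update
            int bound = raiseBound(c, input);    // compared as one literal name
            int normal = raiseBound(c, "SMITH"); // a legitimate value still matches
            c.commit();
            System.out.println("concatenated: " + concat + " rows, bound: " + bound
                + " rows, bound SMITH: " + normal + " rows");
        }
    }
}
```

With the concatenated Statement the input rewrites the WHERE clause and every row in emp is updated; with the PreparedStatement the same input is compared as a single name and matches no row.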