Statement vs PreparedStatement
- Performance can be better with PreparedStatement but is database dependent.
- With PreparedStatement you avoid SQL injection. How does a PreparedStatement avoid or prevent SQL injection?
- Better type checking with PreparedStatement through setInt and setString, whereas with Statement you just keep appending to the main SQL string.
CallableStatement - Java's answer to accessing stored procedures across all databases.
With PreparedStatement and CallableStatement you already have caching. Caching is also a big topic of its own; you wouldn't want to do all of that yourself, so look at ehcache instead.
You should almost always prefer PreparedStatement over Statement.
If you have to work with stored procedures, you have just one option: CallableStatement.