Changes between Initial Version and Version 1 of PreparedStatement

Timestamp: 03/14/08 16:25:44
Author: joshuadf

= SQL Prepared Statements =

In addition to normal queries, relational databases provide a way to
bind parameter values to placeholders in a query instead of splicing them
into the SQL text. Here is an example using the Java JDBC API:

{{{
// The "?" is a placeholder; the value bound with setString is sent to the
// database as data and is never parsed as part of the SQL statement.
PreparedStatement ps = connection.prepareStatement(
    "SELECT email FROM member WHERE name = ?");
ps.setString(1, formField);   // formField: untrusted input, e.g. from a web form
ResultSet rs = ps.executeQuery();
}}}

=== Why bother ===

 * Efficiency: the RDBMS can reuse query plans that have already been prepared

 * Security: bound parameters are sent as data, so they cannot change the structure of the statement and are not vulnerable to [http://www.unixwiz.net/techtips/sql-injection.html SQL injection]
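The security bullet above, shown as an added example that is not part of the original wiki page: Python's sqlite3 module stands in for JDBC (its `?` placeholder plus the parameter tuple play the role of setString), the member table and its rows are constructed here, and the page's own query is run once with the input concatenated into the SQL text and once with it bound as a parameter.

```python
import sqlite3

# Constructed sample rows; the original page has no data.
SAMPLE_MEMBERS = [("alice", "alice@example.org"), ("bob", "bob@example.org")]


def make_db() -> sqlite3.Connection:
    """In-memory database holding the constructed member table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE member (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO member VALUES (?, ?)", SAMPLE_MEMBERS)
    return conn


def lookup_concatenated(conn: sqlite3.Connection, form_field: str) -> list:
    """Unsafe variant: the form field is pasted into the SQL text, so any
    quote character in it ends the string literal and the rest is parsed
    as SQL.  Shown only to contrast with the bound form below."""
    sql = "SELECT email FROM member WHERE name = '" + form_field + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn: sqlite3.Connection, form_field: str) -> list:
    """Safe variant: the page's query with a bound parameter.  The whole
    form field is compared as one name value; it cannot alter the statement."""
    sql = "SELECT email FROM member WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (form_field,))]


if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"   # constructed input containing a quote
    print(lookup_concatenated(conn, "alice"))  # ['alice@example.org']
    print(lookup_concatenated(conn, crafted))  # every email: the WHERE clause was rewritten
    print(lookup_bound(conn, crafted))         # []: no member is literally named that
```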