
PreparedStatement vs Statement ?

 
Viraj Nawa
Hi,
I just wanted to know what is the best option to use in a project? Is it PreparedStatement or Statement? Does PreparedStatement give additional security over the Statement class (accessing the database and retrieving data)? If it does, can anyone explain to me how it happens?
Thank you !
 
Sagar Rohankar
Viraj Nawa wrote: Does PreparedStatement give additional security over the Statement class (accessing the database and retrieving data)?

Not exactly "more security", but more feasibility; as we all know, PreparedStatement is derived from Statement, so it is naturally better than a simple Statement.

Here is what the Sun tutorial says about PreparedStatement:
http://java.sun.com/docs/books/tutorial/jdbc/basics/prepared.html
 
Balu Sadhasivam
Sagar Rohankar wrote:
Viraj Nawa wrote: Does PreparedStatement give additional security over the Statement class (accessing the database and retrieving data)?

Not exactly "more security", but more feasibility; as we all know, PreparedStatement is derived from Statement, so it is naturally better than a simple Statement.

What's wrong in considering it as a "security issue" when Statements are bound to "SQL Injection"?
 
Sagar Rohankar
Yes, right, PreparedStatement completely removes the 'SQL Injection' threat; I missed that.
 