• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

when to use callable statement???

 
Punit Jain
Ranch Hand
Posts: 1013
2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i need to design few servlets and jsp's for login and register of user.
i want to know one thing, should i use callable statement for this, i tried to read it via google, but failed to get anything for "when to use callable statement".
i m doing this only for my learning exercise.
most of the times i used statement and prepared statement for this, but now i think to use callable statement just for learning, should i use, any good reason why to use??

Thank You....
 
Martin Vajsar
Sheriff
Posts: 3752
62
Chrome Netbeans IDE Oracle
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You'll use CallableStatement when you're invoking a stored function which returns a value, or stored function or procedure which uses OUT parameters. The CallableStatement interface provides methods to register the output parameters with their proper type and obtain their value after execution.

Therefore, if you want to practice the use of this interface, you need to have a stored procedure or function to call. I'd suggest starting by reading the CallableStatement documentation, or even better the corresponding sections of an JDBC tutorial.
 
Punit Jain
Ranch Hand
Posts: 1013
2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you...
but for login and registrations, does callable statements has any advantage over prepared statement, should i use??
although prepared statement prevent from sql injuctions and all.
 
Martin Vajsar
Sheriff
Posts: 3752
62
Chrome Netbeans IDE Oracle
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, there is no advantage as far as I know. Both of these handle bind variables (the parameters) in the same way and therefore provide the exact same protection from SQL injection attacks. (That is, when you use them correctly. It is still possible to be subject to SQL injection if you use PreparedStatement or CallableStatement and just stuff in parameters by String concatenation.)
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic