4 messages in com.mysql.lists.java: Re: Statements vs PreparedStatements

From, Sent On:
Jeff Mathis, 21 May 2003 15:39
Alec...@Quantel.Com, 22 May 2003 02:06
Keith Hatton, 22 May 2003 09:35
Mark Matthews, 22 May 2003 10:01

Subject: Re: Statements vs PreparedStatements
From: Mark Matthews (ma@mysql.com)
Date: 05/22/2003 10:01:27 AM
List: com.mysql.lists.java


Keith Hatton wrote:

> Hi Jeff,
>
> I guess you are right about performance, at least for the time being with MySQL. However I would encourage you to use PreparedStatements for the following reasons:

This begins to change with MySQL 4.1, which does have 'native' prepared statements... So you'll get a performance boost without having to change any of your code. This can be especially true if a lot of your parameters are numeric or binary data, because the driver no longer has to escape these, or send numbers as their string representation.

> 1. more portable - as you say, you will get big benefits in Oracle, for example, this way
>
> 2. easier for the programmer - if any of your variable data might contain quote characters or other chars requiring escape sequences, the JDBC driver handles all this for you if you use PreparedStatements. If you use the ordinary Statement object, then the String you construct for the query must have all these things escaped by hand.

This is the biggest benefit, as I see it. It cuts down on extra code you might have to do, and is more robust, as well as secure.

> In essence, even if there is no significant performance benefit, I'd say you get more robust code for virtually no extra cost.
>
> Just my $0.02 worth.
>
> Hope this helps
> Keith

I agree!

--
For technical support contracts, visit https://order.mysql.com/?ref=mmma

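An added example, not part of the original message or of the MySQL driver: the quote-handling point from Keith's item 2 and Mark's reply, shown as the same lookup through `Statement` and through `PreparedStatement`. The class name, the `people` table and the sample values are constructed for illustration; the JDBC URL, user and password are assumed to arrive on the command line.

```java
import java.sql.*;

// Added example: one lookup written two ways against a constructed temporary table.
// Assumption: args = JDBC URL, user, password for a MySQL server you control.
public class QuoteHandlingDemo {
    // Statement: the value is spliced into the SQL text, so a quote in it alters the statement.
    static int countWithStatement(Connection c, String name) throws SQLException {
        String sql = "SELECT COUNT(*) FROM people WHERE name = '" + name + "'";
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // PreparedStatement: the value is bound to the ? placeholder and is only ever data.
    static int countWithPrepared(Connection c, String name) throws SQLException {
        try (PreparedStatement ps =
                 c.prepareStatement("SELECT COUNT(*) FROM people WHERE name = ?")) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        try (Connection c = DriverManager.getConnection(args[0], args[1], args[2])) {
            try (Statement st = c.createStatement()) {
                st.executeUpdate("CREATE TEMPORARY TABLE people (name VARCHAR(64))");
            }
            try (PreparedStatement ins = c.prepareStatement("INSERT INTO people VALUES (?)")) {
                for (String n : new String[] {"Smith", "O'Brien", "Jones"}) {
                    ins.setString(1, n);
                    ins.executeUpdate();
                }
            }
            // Constructed inputs: a name containing a quote, and a value shaped like SQL.
            for (String input : new String[] {"O'Brien", "x' OR '1'='1"}) {
                System.out.println("input: " + input);
                System.out.println("  PreparedStatement matched " + countWithPrepared(c, input));
                try {
                    System.out.println("  Statement matched " + countWithStatement(c, input));
                } catch (SQLException e) {
                    System.out.println("  Statement failed: " + e.getMessage());
                }
            }
        }
    }
}
```

With the bound parameter each input is compared as a literal name. With the concatenated string the first input produces a malformed statement, and the second is parsed as part of the WHERE clause and matches every row.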