预处理语句是Statement的一个稍微强大一点的版本,并且应该总是至少像Statement一样快速和容易处理。 预估报表可以被参数化

大多数关系数据库处理JDBC / SQL查询分为四个步骤:

解析传入的SQL查询 编译SQL查询 规划/优化数据采集路径 执行优化的查询/获取和返回数据

对于发送到数据库的每个SQL查询,Statement将始终执行上述四个步骤。预处理语句预先执行上述执行过程中的步骤(1)-(3)。因此,在创建准备语句时,会立即执行一些预优化。其效果是在执行时减轻数据库引擎的负载。

现在我的问题是:

“使用预准备报表还有其他好处吗?”


当前回答

语句是静态的,准备语句是动态的。

Statement适用于DDL, prepared Statement适用于DML。

语句较慢,而准备语句较快。

更多差异(存档)

其他回答

They are pre-compiled (once), so faster for repeated execution of dynamic SQL (where parameters change) Database statement caching boosts DB execution performance Databases store caches of execution plans for previously executed statements. This allows the database engine to reuse the plans for statements that have been executed previously. Because PreparedStatement uses parameters, each time it is executed it appears as the same SQL, the database can reuse the previous access plan, reducing processing. Statements "inline" the parameters into the SQL string and so do not appear as the same SQL to the DB, preventing cache usage. Binary communications protocol means less bandwidth and faster comms calls to DB server Prepared statements are normally executed through a non-SQL binary protocol. This means that there is less data in the packets, so communications to the server is faster. As a rule of thumb network operations are an order of magnitude slower than disk operations which are an order of magnitude slower than in-memory CPU operations. Hence, any reduction in amount of data sent over the network will have a good effect on overall performance. They protect against SQL injection, by escaping text for all the parameter values provided. They provide stronger separation between the query code and the parameter values (compared to concatenated SQL strings), boosting readability and helping code maintainers quickly understand inputs and outputs of the query. In java, can call getMetadata() and getParameterMetadata() to reflect on the result set fields and the parameter fields, respectively In java, intelligently accepts java objects as parameter types via setObject, setBoolean, setByte, setDate, setDouble, setDouble, setFloat, setInt, setLong, setShort, setTime, setTimestamp - it converts into JDBC type format that is comprehendible to DB (not just toString() format). In java, accepts SQL ARRAYs, as parameter type via setArray method In java, accepts CLOBs, BLOBs, OutputStreams and Readers as parameter "feeds" via setClob/setNClob, setBlob, setBinaryStream, setCharacterStream/setAsciiStream/setNCharacterStream methods, respectively In java, allows DB-specific values to be set for SQL DATALINK, SQL ROWID, SQL XML, and NULL via setURL, setRowId, setSQLXML ans setNull methods In java, inherits all methods from Statement. It inherits the addBatch method, and additionally allows a set of parameter values to be added to match the set of batched SQL commands via addBatch method. In java, a special type of PreparedStatement (the subclass CallableStatement) allows stored procedures to be executed - supporting high performance, encapsulation, procedural programming and SQL, DB administration/maintenance/tweaking of logic, and use of proprietary DB logic & features

引用自mattjames

语句在JDBC中的使用应该100%本地化为正在使用 对于DDL (ALTER, CREATE, GRANT等),因为这些是唯一的语句 不能接受BIND变量的类型。preparedstatement或 CallableStatements应该用于所有其他类型的语句 (DML、查询)。因为这些是接受bind的语句类型 变量。 这是一个事实,一条规则,一条法律——在任何地方都使用事先准备好的陈述。 几乎不使用语句。

准备语句忽略SQL注入,提高了准备语句的安全性

没什么可补充的,

1 -如果你想在循环中执行查询(超过1次),由于你提到的优化,预处理语句可以更快。

2 .参数化查询是避免SQL注入的好方法。参数化查询只在PreparedStatement中可用。

语句接口执行不带参数的静态SQL语句

PreparedStatement接口(扩展Statement)执行预编译的带/不带参数的SQL语句

对于重复执行有效 它是预编译的,所以更快