xisto Community
tinoymalayil

Diff Between Statement, PreparedStatement And Callable Statement


Hi friends, what is the difference between Statement, PreparedStatement and CallableStatement, which are used to make a JDBC connection in a Java program? To connect a Java program to a database we must create a statement to execute the query.


I'm not sure what a callable statement is, but the difference between a statement and a prepared statement is that the latter is more flexible, as it gets prepared and is able to be used for many different types of databases. We all know that syntax varies from database to database, and a prepared statement is intended to remedy this. It is also said that prepared statements perform better, but that is all I can recall from what I know about prepared statements. If you are serious about Java and SQL then you should look into this.


I'll try to explain in a simple way.

Statement is to call a simple query.

PreparedStatement is to call a parameterized query.

CallableStatement is to be used for calling stored procedures.


Another way to look at it, from my understanding of various websites: a Statement object is for general use, meaning that it could be used for anything, or Statement would be used for static SQL statements. Also, none of the information or parameters can be changed using the Statement object.

As for PreparedStatement, you would use this if you plan on using the same SQL queries over and over again, and because the information is in place already, the execution of those SQL queries will be much faster than if you were to use just a Statement. Also, when using PreparedStatement, you can make changes to the information or parameters.

Finally, CallableStatement is used for access to database stored procedures, which are a set of SQL statements that form a cohesive unit to run a specific task. So in a way you would use this to run the access of that database, and you would be able to make changes in the parameters as well.


Statement :- It is used to call a query.

Prepared Statement :- It is also used to call a query but written only once and whenever it is used in the program it is called again.

Callable Statement :- It is a query which is used to call a 'STORED PROCEDURE'.

-reply by mayank srivastava


When a SQL query is issued, two calls are made to the database:
1) To fetch the metadata, i.e. the column descriptions
2) To fetch the actual data

In the case of a Statement object, these 2 calls are made each time a query executes, but in the case of a PreparedStatement object the first call to fetch metadata is made only once. Performance with PreparedStatement is better in the case of batch execution, when a query needs to be executed again and again.

Also, I think PreparedStatement helps to avoid SQL injection attacks, e.g.:

For the query:

String custId = "C001";
String query = "SELECT * FROM customers WHERE id='" + custId + "'";

This query looks innocent and fine, but is subject to attack, e.g.:
String custId = "C001' or id='C002";
would result in a query:
SELECT * FROM customers WHERE id='C001' or id='C002'

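The concatenated query from the last post next to its PreparedStatement form, as an added example that is not part of the original thread. The H2 in-memory JDBC URL (driver on the classpath), the table contents and the method names are assumptions made for the demonstration. With the post's input, the concatenated query matches both customers, while the bound parameter is compared as one literal id and matches none.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class InjectionDemo {
    // Vulnerable form from the post: the input becomes part of the SQL text.
    static int countConcatenated(Connection c, String custId) throws SQLException {
        String query = "SELECT * FROM customers WHERE id='" + custId + "'";
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(query)) {
            return countRows(rs);
        }
    }

    // Hardened form: the SQL text is fixed; the input is bound as a value only.
    static int countBound(Connection c, String custId) throws SQLException {
        try (PreparedStatement ps = c.prepareStatement("SELECT * FROM customers WHERE id = ?")) {
            ps.setString(1, custId);
            try (ResultSet rs = ps.executeQuery()) {
                return countRows(rs);
            }
        }
    }

    static int countRows(ResultSet rs) throws SQLException {
        int n = 0;
        while (rs.next()) n++;
        return n;
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 in-memory database; any JDBC URL and driver behave the same here.
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = c.createStatement()) {
                // Constructed sample data.
                st.execute("CREATE TABLE customers (id VARCHAR(10) PRIMARY KEY, name VARCHAR(40))");
                st.execute("INSERT INTO customers VALUES ('C001','Alice'), ('C002','Bob')");
            }
            String custId = "C001' or id='C002"; // the input shown in the post
            System.out.println("Statement + concatenation: " + countConcatenated(c, custId) + " row(s)");
            System.out.println("PreparedStatement + bind:  " + countBound(c, custId) + " row(s)");
        }
    }
}
```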
