PreparedStatement is an interface, which is available in java.MySQL package
Why we use PreparedStatement?
- It can be used to execute dynamic and parametrized SQL Query.
- Prepared Statement is faster then Statement interface. Because in Statement Query will be compiled and execute every time, while in case of Prepared Statement Query won't be compiled every time just executed.
- It can be used for both static and dynamic query.
- In the case of Prepared Statement no chance of SQL Injection attack. It is some kind of problem in database programming.
PreparedStatement Methods in java:
The important methods of PreparedStatement are given below:
1) public void setInt( int parameter index, int value): This method is used to set the integer value to the given parameter index.
2) public void setString(int parameter index, int value): This method is used to set the String value to the given parameter index.
3) public void setFloat(int parameter index, int value): This method is used to set the float value to the given parameter index.
4) public void setDouble(int parameter index, int value): This method is used to set the double type value to the given parameter index.
5) public int executeUpdate(String url): If you want to modify in your database you should go for executeUpdate() method. This method returns an integer value which indicates the number of rows affected.
6) public ResultSet executeQuery(String url): This method is used for the select statement which retrieves some data from the database. This method returns a ResultSet.
Example of Prepared Statement in java :
import java.sql.*;
import java.util.*;
class Example{
public static void main(String args[])throws Exception{
class.forName("com.mysql.jdbc.Driver");
Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/emp_record","root"," ");
String sqlquery = "insert into employee values(? ? ? ?)";
preparedStatement pst = con.preparedStatement(sqlquery);
Scanner sc = new Scanner(System.in);
while(true){
System.out.println("Enter employee number: ")
int eno = sc.nextInt();
System.out.println("Enter employee name: ")
String ename = sc.next();
System.out.println("Enter employee salary: ")
double esal = sc.nextDouble();
System.out.println("Enter employee address: ")
String eaadr = sc.next();
pst.setInt(1,eno);
pst.setString(2,ename);
pst.setDouble(3, esal);
pst.setString(4, eddr);
pst.excecuteUpdate();
System.out.println("Record inserted succesfully ");
System.out.println("Do you want to insert more records[yes/no]");
String option = sc.next();
if(option.equalsIgnoreCase("no")){
break;
}
}
}
}
You may also like:
PreparedStatement in Java
Reviewed by Prashant Srivastava
on
September 05, 2018
Rating:
Thanks for sharing this information
ReplyDelete