Click here to Skip to main content
11,408,835 members (62,118 online)
Click here to Skip to main content
Technical Blog

Tagged as

Prepared Statements for Database driven application

, 15 Jan 2014 CPOL
Rate this:
Please Sign up or sign in to vote.
Prepared Statement is commonly used by application to execute the same parameterized SQL statement again and again. Prepared statements are compiled only once. If we need to execute a statement multiple times then execution of prepared statement is faster as it is compiled only once, while in case i
A Prepared Statement is commonly used by an application to execute the same parameterized SQL statement again and again. Prepared statements are compiled only once by the DBMS. If we need to execute a statement multiple times then execution of a prepared statement is faster, as it is compiled only once, while if we are using direct statements then each statement is first compiled before execution. So, time taken in prepared execution is lesser as compared to the time taken in direct execution.

Prepared statements are also known as parameterized queries. Parameterized queries and prepared statements are features of database management systems that basically act as templates in which SQL can be executed.

Example of Prepared Statement using Java and C#

We are using Emp table. Here id is the primary key of the table. The following query will retrieve all the data of a row for id = 1.
SELECT * FROM Emp WHERE id = 1
Now, if we create a template of above statement and use that for multiple values of id then it will look like:
SELECT * FROM Emp WHERE id = ?
Here, ? is called placeholder. It represents the place where actual values will be used in the SQL query. Placeholders are also known as bound parameters, since they are essential parameters that are passed to SQL that "bind" to the SQL at a later time.

Prepared Statement in JDBC

java.sql.PreparedStatement stmt = connection.prepareStatement("SELECT * FROM Emp WHERE id = ?");
for (int i = 1; i<= 100; i++)
{
        stmt.setString(i, id);
        stmt.executeQuery();
}

Parameterized Statements in SQL Server using C#

String sql = "SELECT * FROM Emp WHERE id = @id";
for(int i =1; i<=100; i++)
{
        cmd.Parameters.AddWithValue("@id", i);
       //execution of cmd
        cmd.Parameters.Clear();
}

In the above code, cmd is a SqlCommand object.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Vivek Goyal
Software Developer (Senior)
India India
Software Engineer having hands-on experience with C, C++, C#, .NET, ASP.NET, SQL, Website designing technologies, Joomla CMS, Application development, COM, MFC, Installshield, Installscript project, Basic MSI

http://newapputil.blogspot.in/
http://nvivekgoyal.blogspot.in/

Comments and Discussions

 
GeneralMy vote of 3 Pinmembernullpointer20-Jan-14 15:35 
GeneralMy vote of 2 Pinmembereimaideveloper16-Jan-14 0:46 
GeneralRe: My vote of 2 PinmemberVivek Goyal16-Jan-14 0:51 
GeneralMy vote of 2 Pinmemberr.wcs15-Jan-14 21:42 
GeneralRe: My vote of 2 PinmemberVivek Goyal15-Jan-14 22:08 
GeneralRe: My vote of 2 Pinmemberr.wcs15-Jan-14 22:17 
GeneralRe: My vote of 2 PinmemberVivek Goyal15-Jan-14 22:56 
GeneralRe: My vote of 2 PinmemberKomal Mangal15-Jan-14 23:45 
GeneralRe: My vote of 2 Pinmemberr.wcs15-Jan-14 23:56 
GeneralRe: My vote of 2 PinmemberVivek Goyal15-Jan-14 23:56 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web01 | 2.8.150414.5 | Last Updated 15 Jan 2014
Article Copyright 2014 by Vivek Goyal
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid