Prepared statements in JDBC are used to execute precompiled SQL statements that can be reused multiple times with different input parameters. They are precompiled and stored in a database, making them more efficient to execute than regular statements.
The basic process of using prepared statements in JDBC involves the following steps:
Create a PreparedStatement object
To create a prepared statement, you need to call the prepareStatement() method of the Connection object, passing in the SQL query as a parameter. For example:
String sql = "SELECT * FROM employees WHERE age > ?";
PreparedStatement pstmt = conn.prepareStatement(sql);Set the input parameters
Once you have created the prepared statement, you can set the input parameters using the setXXX() methods, where XXX is the data type of the parameter. For example:
pstmt.setInt(1, 30);This sets the value of the first parameter to 30.
Execute the query
Finally, you can execute the query using the executeQuery() or executeUpdate() methods, depending on whether you want to retrieve data or modify the database. For example:
ResultSet rs = pstmt.executeQuery();This executes the prepared statement and returns a ResultSet object that contains the results of the query.
Here is a complete example that demonstrates the use of prepared statements in JDBC:
import java.sql.*;
public class PreparedStmtExample {
public static void main(String[] args) throws SQLException {
String url = "jdbc:mysql://localhost:3306/mydb";
String username = "root";
String password = "password";
Connection conn = DriverManager.getConnection(url, username, password);
String sql = "SELECT * FROM employees WHERE age > ?";
PreparedStatement pstmt = conn.prepareStatement(sql);
pstmt.setInt(1, 30);
ResultSet rs = pstmt.executeQuery();
while (rs.next()) {
System.out.println(rs.getString("name") + ", " + rs.getInt("age"));
}
conn.close();
}
}In this example, we first establish a connection to a MySQL database using the DriverManager.getConnection() method. We then create a prepared statement that selects all employees whose age is greater than a certain value. We set the value of the parameter using the setInt() method and execute the query using the executeQuery() method. Finally, we loop through the ResultSet object and print out the names and ages of the selected employees.
Prepared statements can help improve the performance and security of your JDBC code by reducing the amount of SQL parsing and by preventing SQL injection attacks. They are especially useful when you need to execute the same query multiple times with different input parameters.