Questions tagged [prepared-statement]

A Prepared Statement (or parameterized statement) is a precompiled SQL statement that serves to improve performance and mitigate SQL injection attacks. Prepared statements are used in many popular Relational Database Management Systems.

Prepared statements separate data binding from execution. Separating statement preparation from execution can be more efficient for statements that are executed multiple times, because the preparation phase need be done only once. For example, if you need to insert a bunch of rows, you can prepare an INSERT statement once and then execute it repeatedly, binding successive row values to it for each execution. A prepared statement can contain placeholders to indicate where data values should appear. After you prepare the statement, bind specific values to the placeholders (either before or at statement-execution time), then substitute the values into the statement before sending it to the database server.


6193 questions
2
votes
2 answers

prepared Statement in ejb3

I want to use a prepared statement with ejb3 to insert data in Oracle. Is it possible to use? I tried to find some example on the net but I could not find any good example. Please help me to use it. Or is there any other way to use parameter query (as we…
Ajay
2
votes
3 answers

Doing a SQL batch update in Java that won't update a field if passed-in parm is null

How do I create a batch update that won't update a column if the passed-in parameter value is null? For example: String UPDATE_STMT = "UPDATE MY_TABLE SET col1 = ?, col2 = ?, col3 = ?"; Connection conn = getConnection(); PreparedStatement pstmt =…
wlaem
2
votes
4 answers

Prepared statement for select query

I was wondering if I should be using prepared statements for simple select queries? Such as: SELECT * FROM `table_name` With this, wouldn't it be better to just do: $db->query('SELECT * FROM `table_name`');
user1649448
2
votes
1 answer

build prepared statement from array and pass variable to execute

How to pass variable in loop to execute ??? example from one answer here... $placeholders = array_fill(0, count($array), '?'); $keys = $values = array(); foreach($array as $k => $v) { $keys[] = $k; $values[] = !empty($v) ? $v :…
2
votes
2 answers

Rails 3 connection.execute IN statement parameters array syntax

I have a syntax question regarding the Rails 3 ActiveRecord::Base.connection.execute method and parameter that I want to use with it. I have been fighting with this for some hours now and just do not seem to find any answers to this specific…
zima
2
votes
1 answer

Error with PDO (Prepared Statement) - Cannot use object of type PDOStatement as array

I've decided to migrate my project to prepared statements, and I am getting an error after executing the following code: $sql = 'SELECT clanID FROM clan_users WHERE userID = :uid LIMIT 1'; $data = $this->pdo->prepare($sql); $data->execute(array(':uid'…
Renato Massaro
2
votes
1 answer

PHP PDO Not Updating Table and Producing No Errors

I'm trying to update a single element in one of my tables using a PDO prepared statement, and for some reason it's not working. I'm using try-and-catch and I'm receiving no errors from the system. I've also echoed both of my bound parameters, and…
user1562781
2
votes
1 answer

Strange performance Issue with SQL Server + Spring JAVA application

I am experiencing a strange performance issue when accessing data from SQL Server from a Spring based application. In my current setup, the Spring java application runs on a separate machine accessing data from a remote SQL Server DB. I am using…
user320587
2
votes
2 answers

PHP & MySQL: Creating your own Prepared statement without using MySQLi and/or PDO

Like my title, I want to know how to create a prepared statement without using MySQLi or PDO. The main point is learning the process of creation and its security. I have nearly "ZERO-KNOWLEDGE" in this. Tried googling the topic but it seems that my…
Mysteltainn
2
votes
2 answers

ORA-00604: error occurred at recursive SQL level 1

I started getting the below SQL exception and I don't know what's the root cause for this exception? I am also closing dbconnection and prepared statement too. Then what's the problem? java.sql.SQLException: ORA-00604: error occurred at recursive…
arsenal
2
votes
1 answer

Prepared statement, is this written correctly?

I've been investing the time to learn Prepared Statements in MySQLi. I'm using PHP Solutions Second Edition by David Powers as a reference. This query pulls a random photo filename from a specific gallery. The gallery number is a variable ($i). This…
wordman
2
votes
2 answers

How to throw an exception inside a while loop when fetching mysqli result?

I'm using mysqli prepared statements in an OOP manner. Everything is working as intended, but I can't seem to find any documentation on how to detect and then throw an exception during a while loop. This is how my code stands at the moment and it works…
Grenville
2
votes
1 answer

When making the same PDO query (with changing parameters), do I call prepare() every time, or just once?

I'm trying to learn how to use PDO and I need help understanding something. I keep reading that one of the biggest benefits of using PDO is that it is much more efficient than mysql_* when making similar queries over and over again. I need to…
Nate
2
votes
0 answers

Prepared Statements And Stored Procedures

I currently have to face this problem. Since the post is nearly 4 years old, is there a solution for this now? Short summary: In Qt, you can prepare and execute a statement for MySQL which calls a stored procedure with some placeholders, but you…
SteakOverflow
2
votes
1 answer

PHP/MYSQL - MYSQLI - Prepared Statements - How to get the value of this query?

I have a query that checks a database for a match against the input of a username and password, the corresponding values of this query would be either 0 (no match) or 1 (a match). This would output in a column (itDoesExist) with one value, either…
Craig van Tonder