Stack Overflow
Stack Overflow

Questions tagged [prepared-statement]

A Prepared Statement (or parameterized statement) is a precompiled SQL statement that serves to improve performance and mitigate SQL injection attacks. Prepared statements are used in many popular Relational Database Management Systems.

Prepared statements separate data binding from execution. Separating statement preparation from execution can be more efficient for statements that are executed multiple times, because the preparation phase need be done only once. For example, if you need to insert a bunch of rows, you can prepare an INSERT statement once and then execute it repeatedly, binding successive row values to it for each execution. A prepared statement can contain placeholders to indicate where data values should appear. After you prepare the statement, bind specific values to the placeholders (either before or at statement-execution time), then substitute the values into the statement before sending it to the database server.

Also see: ,

6193 questions
21
votes
1 answer

Why even use *DB.exec() or prepared statements in Golang?

I'm using golang with Postgresql. It says here that for operations that do not return rows (insert, delete, update) we should use exec() If a function name includes Query, it is designed to ask a question of the database, and will return a set of…
CommonSenseCode
  • 23,522
  • 33
  • 131
  • 186
21
votes
1 answer

PreparedStatement and setTimestamp in oracle jdbc

I am using PreparedStatement with Timestamp in where clause: PreparedStatement s=c.prepareStatement("select value,utctimestamp from t where utctimestamp>=? and utctimestamp
Roman
  • 999
  • 3
  • 12
  • 23
21
votes
6 answers

PDO prepared statement - what are colons in parameter names used for?

I've seen many articles using colons (:) in front of named parameters when using PDO, and a couple that do not use the colon. I'd just as soon not use the colon, simply because it's one less keystroke and slightly easier to read. It seems to be…
Jonathan
  • 311
  • 3
  • 10
21
votes
2 answers

Oracle's RETURNING INTO usage in Java (JDBC, Prepared Statement)

I'm using JDBC to execute Oracle statement which looks like this: "INSERT INTO MYTABLE(MYDATA) VALUES(?) RETURNING MY_CALCULATED_DATA INTO ?" // MYTABLE's def makes MY_CALCULATED_DATA be auto-generated by DB on insert I found several ways to call…
Wanna Know All
  • 681
  • 2
  • 8
  • 18
21
votes
4 answers

Two different prepared statements in one single batch

I want to send two different prepared statements in one single batch. Currently I am doing this in two as you can see in the commented lines and it works, but that is not the main objective here. Can anyone tell me what to put in place of those…
gmustudent
  • 2,229
  • 6
  • 31
  • 43
21
votes
3 answers

Insert row into database with PreparedStatement

I want to insert a row into a table using PreparedStatement. The table got 3 columns(int, String, String). The thing is that the int column is AUTO_INCREMENT, so I want to leave that variable empty and let the database do that job (It's an id).…
Lucas Arrefelt
  • 3,879
  • 5
  • 41
  • 71
21
votes
3 answers

What are client-side prepared statements?

Trying to learn something new - specifically trying to choose wether to use MySQLi or PDO for future projects when working with MySQL - I stumbled upon this page which shows an overview of options available to me. At the bottom of this page is a…
Repox
  • 15,015
  • 8
  • 54
  • 79
20
votes
3 answers

What does it mean when I say Prepared statement is pre-compiled?

I am using MySQL in Java. I don't have a good understanding of PreparedStatement. I know it is better to use PreparedStatement than Statement. The reason being it is compiled. What do we mean by compiled?
unknown
  • 4,859
  • 10
  • 44
  • 62
20
votes
7 answers

Prepared Statement vs. Stored Procedure

If you are using php5 and mysql5, is there a substantial advantage to using stored procs over prepared statements? ( i read somewhere you may not get substantial performance gains from mysql5 stored proc)
John
  • 32,403
  • 80
  • 251
  • 422
20
votes
3 answers

Insert using PreparedStatement. How do I auto-increment the ID?

I have a PreparedStatement such as: PreparedStatement preparedStatement = connect.prepareStatement("INSERT into employee (id, time, name" + "(?,?,?)",Statement.RETURN_GENERATED_KEYS); ResultSet tableKeys = preparedStatement.getGeneratedKeys(); …
gran_profaci
  • 8,087
  • 15
  • 66
  • 99
20
votes
8 answers

How can I print the SQL query executed after Perl's DBI fills in the placeholders?

I'm using Perl's DBI module. I prepare a statement using placeholders, then execute the query. Is it possible to print out the final query that was executed without manually escaping the parameters and dropping them into the placeholders? Thanks
aidan
  • 9,310
  • 8
  • 68
  • 82
20
votes
2 answers

PDO prepared statements for INSERT and ON DUPLICATE KEY UPDATE with named placeholders

I'd like to switch PDO INSERT and UPDATE prepared statements to INSERT and ON DUPLICATE KEY UPDATE since I think it'll be a lot more efficient than what I'm currently doing, but I'm having trouble figuring out the correct syntax to use with named…
Chaya Cooper
  • 2,566
  • 2
  • 38
  • 67
19
votes
2 answers

SQL Alchemy Parametrized Query , binding table name as parameter gives error

I am using parametrized query utilizing Text object in SQL alchemy and are getting different result. Working example: import sqlalchemy as sqlal from sqlalchemy.sql import text db_table = 'Cars' id_cars = 8 query = text("""SELECT *…
H. Tao
  • 237
  • 2
  • 9
19
votes
8 answers

How to bind mysqli bind_param arguments dynamically in PHP?

I have been learning to use prepared and bound statements for my sql queries, and I have come out with this so far, it works okay but it is not dynamic at all when comes to multiple parameters or when there no parameter needed, public function…
Run
  • 54,938
  • 169
  • 450
  • 748
19
votes
1 answer

How to log values that Hibernate binds to prepared statements?

How can I make Hibernate log the values it binds to prepared statements? If I set property hibernate.show_sql=true I get following kind of logging: insert into tablename (field1, field2) values (?, ?) I'd like also to know what values are bound to…
Juha Syrjälä
  • 33,425
  • 31
  • 131
  • 183
1 2 3
99 100