Questions tagged [prepared-statement]

A Prepared Statement (or parameterized statement) is a precompiled SQL statement that serves to improve performance and mitigate SQL injection attacks. Prepared statements are used in many popular Relational Database Management Systems.

Prepared statements separate data binding from execution. Separating statement preparation from execution can be more efficient for statements that are executed multiple times, because the preparation phase need be done only once. For example, if you need to insert a bunch of rows, you can prepare an INSERT statement once and then execute it repeatedly, binding successive row values to it for each execution. A prepared statement can contain placeholders to indicate where data values should appear. After you prepare the statement, bind specific values to the placeholders (either before or at statement-execution time), then substitute the values into the statement before sending it to the database server.


6193 questions

2 votes, 1 answer

JDBC PreparedStatement with Hexadecimal Literals

I have a MySQL-compatible hexadecimal literal, for example X'4D7953514C'. How do I assign such a value with PreparedStatements? I tried setString but the value gets wrapped in quotes. The goal is to have a SQL statement that looks like this (col1 is…
DED

2 votes, 1 answer

JavaDB anonymous column name

I am trying to create a generalized UPDATE-statement like this, where only the table-name is fixed. updateValueQuery = conn.prepareStatement("UPDATE TABLENAME SET (?)=(?)"); That fails with an SQLException complaining about syntax. As soon as I…
Max Beikirch

2 votes, 2 answers

More efficient method for storing records from a file

Recently in discussion I was asked: You have one flat file containing many records say 5 million. You need to write a Java program that can fetch records from this file and store it in database say via JDBC. What will be the most efficient…
reiley

2 votes, 1 answer

JavaScript SQLite Prepared Statements

I have a few questions that I can't seem to get workable answers to after hanging ten on the internet for an hour and a half, so I figured I would ask them directly. I want to incorporate some prepared statements into a JavaScript application that…
McPhelpsius

2 votes, 2 answers

Best way of using PreparedStatement executeBatch()

I am trying to figure out the best way of using PreparedStatement executeBatch() method. One way I tried is: try{ prepStmt1 = conn.prepareStatement("update table set done='yes' where phone=?"); while (operatorsQuery.next() ) { …
susparsy

2 votes, 1 answer

PreparedStatement batchExecute only executed the last batch

I am having trouble with the prepared statement batch executor: try{ while (operatorsQuery.next()) { phone = Integer.toString(operatorsQuery.getInt(1)); prepStmt1 = connBlng.prepareStatement("update table set…
susparsy

2 votes, 1 answer

Java + MySQL - PreparedStatement troubles with encoding

I got this program that interacts with MySQL. It works but acts strangely when non-ASCII occur in the statement. I'm using prepared statement: public ResultSet executeQuery(Connection _conn, int _val1, String _val2) throws SQLException { …
Michal Artazov

2 votes, 2 answers

MySQL/C++ and Prepared Statements: setInt always 0

I'm using the MySQL Connector/C++ library to insert values into a database table. I'm following the examples at http://dev.mysql.com/tech-resources/articles/mysql-connector-cpp.html almost exactly. However, I can't seem to get prepared statements…
Ryan

2 votes, 2 answers

Why should we use ATTR_EMULATE_PREPARES, and are there any alternatives to mysql_real_escape_string in PDO?

Are there any alternatives in PDO, as mysql_real_escape_string is in mysql? Why should we set 'false' -> ATTR_EMULATE_PREPARES constant?
GAURAV MAHALE

2 votes, 1 answer

Determining if no rows are returned from a prepared statement

I'm implementing prepared statements on my already working mysqli queries. I'm having trouble with a line if(mysqli_num_rows($result) == 0) as it's now a string instead of a mysqli_result. if($nameAvailableStmt = mysqli_prepare($link, 'SELECT name…
Celeritas

2 votes, 1 answer

SQL Syntax Error in Java

I am developing an application with Java on NetBeans/Windows 7. I was trying to insert data to database with PreparedStatement using SQL. So this is my code: private void addInfoActionPerformed(java.awt.event.ActionEvent evt) { …
Hakan Ali Yasdi

2 votes, 3 answers

Why do I get a SQL error when preparing a statement in mysqli?

I have the following query: INSERT INTO ipi_messages (Message_userID, Message_fromName, Message_fromEmail, Message_subject, Message_body) VALUES(0, 'hope', 'thisworks@gmail.com', 'i hope', 'this works') And I get the following MySQL error: You have…
Fillip Peyton

2 votes, 2 answers

Fastest way to validate username and password PHP - MySQL - MySQLi - PDO - Prepared Statements

I’m a newbie, and this is my first post. I hope that some day I’ll be able to help out newbies like myself. In the meantime, I thank you in advance for your replies. Is the script below the fastest and most efficient way to check if a username…
user2438112

2 votes, 2 answers

PreparedStatement Batch Update in Concurrency Application

I have two methods, method A and method B. Method A is responsible for sending bills to user and Method B is responsible for updating database. Method B uses PreparedStatement. Method A is run by different concurrent threads at a time. For example…
Madan Madan

2 votes, 2 answers

PDO error when using POST data value as parameter

I have a SELECT statement that I am building via PHP and PDO to provide a list of users who have logged in the last XX minutes. When I hard code the interval of time the SQL statement executes fine yet when I try to substitute an interval selected…
webworm