Difference between Statement and PreparedStatement in Java

Here you will learn about difference between statement and preparedstatement in Java i.e. Statement vs PreparedStatement.

The Java Database Connectivity (JDBC) API is essentially used to connect Java applications with databases. It could be any relational or OLAP database.

The JDBC API offers different interfaces to connect to particular databases and execute numerous types of SQL queries such as follows:

  1. Statement
  2. PreparedStatement

These JDBC interfaces offers different functionalities, properties and methods which enables us to connect to databases and execute SQL or PL/SQL commands.

Statement Interface

The Statement interface in Java is a general purpose interface used widely to execute database queries in Java applications.

This is essentially used for static SQL statements and does not allow the end user to pass any values as parameter during runtime.

Here’s how the syntax of a statement interface that can be defined in your Java applications:

public interface Statement extends Wrapper, AutoCloseable

The Statement interface may enforce the SQL injection attacks since it does not escape the special characters which are a high advantage for the SQL injection attacks to succeed.

The Statement is not acceptable for reusability purpose and is very slow in executing the SQL queries as compared to the preparedStatement interface. It is used to execute an SQL query only once.

Some of the common methods in Statement interface are as follows:

  1. public int executeUpdate(String sql)
  2. public int[] executeBatch()
  3. public boolean execute(String sql)
  4. public ResultSet executeQuery(String sql)

PreparedStatement Interface

The PreparedStatement in Java is an advancement over the Statement interface which is used to execute SQL queries within Java based applications.

This is used for dynamic SQL statements and therefore, allows the end user to pass multiple values as parameters during runtime.

Here’s how the syntax of a preparedStatement interface that can be defined in your Java applications:

public interface PreparedStatement extends Statement

Since this interface escapes the special characters, the PreparedStatement interface prevents SQL injections.

The preparedStatement is exceptionally better for reusability purpose and is faster in executing the SQL queries as compared to the Statement interface.

Some of the common methods in Statement interface are as follows:

  1. public void setDouble(int paramIndex, double value)
  2. public void setFloat(int paramIndex, float value)
  3. public void setInt(int paramIndex, int value)
  4. public void setString(int paramIndex, String value)

Let us discuss difference between these interfaces in detail.

Difference between Statement and PreparedStatement in Java

Sr. No. Statement PreparedStatement
1 This JDBC API interface is used for static SQL statements at run time. The PreparedStatement interface is used for dynamic SQL statements at run time.
2 There is no specific protocol in Statement interface. The PreparedStatement used the non sql binary protocol
3 The Statement interface does not allow accepting parameters at runtime. The PreparedStatement interface allow accepting parameters at runtime.
4 This interface is used when the SQL query is required to be executed only once. This interface is used when the SQL query is required to be executed multiple times.
5 The performance of the Statement interface is comparatively not upto the mark. The performance of the PreparedStatement interface is better than Statement.
6 The Statement interface enforces SQL injection. The PreparedStatement does not enforce SQL injection.
7 The Statement interface does not extends the PreparedStatement interface. The PreparedStatement interface extends the Statement interface.
8 There could be a possibility of writing concatenated SQL statements while using the Statement interface. There’s no need of writing concatenated SQL statements when using the PreparedStatement interface.
9 The SQL queries that are executed using Statement interface are executed at runtime, and therefore, it is a little slower performance wise. The SQL queries executed using PreparedStatement are pre compiled and therefore, it offers a better performance.
10 The statement interface cannot be used for retrieving or storing image and files in the databases. The PreparedStatement interface can be used for retrieving or storing image and files in the databases.
11 This interface does not offer using setArray method in Java. This interface offers using setArray method in Java.
12 The statement interface is beneficial when using Data Definition Language (DDL) commands. The PreparedStatement interface is beneficial when using Data Manipulation Language (DML) commands.
13 The commands that are mostly used in this interface are create, drop, truncate and alter. The commands that are mostly used in this interface are select, delete, update and insert.

This article is submitted by Tushar Soni, he has a programming blog www.codingalpha.com

Comment below if you have any queries or found any information incorrect in above tutorial for difference between Statement and PreparedStatement in Java.

Leave a Reply

Your email address will not be published. Required fields are marked *