Keith Hatton wrote:
> Hi Jeff,
>
> I guess you are right about performance, at least for the time being
> with MySQL. However I would encourage you to use PreparedStatements for
> the following reasons:
This begins to change with MySQL 4.1, which does have 'native' prepared
statements... So you'll get a performance boost without having to change
any of your code. This can be especially true if a lot of your
parameters are numeric or binary data, because the driver no longer has
to escape these, or send numbers as their string representation.
> 1. more portable - as you say, you will get big benefits in
> Oracle, for example, this way
>
> 2. easier for the programmer - if any of your variable data
> might contain quote characters or other chars requiring escape
> sequences, the JDBC driver handles all this for you if you use
> PreparedStatements. If you use the ordinary Statement object,
> then the String you construct for the query must have all these
> things escaped by hand.
This is the biggest benefit, as I see it. It cuts down on extra code you
might have to do, and is more robust, as well as secure.
>
> In essence, even if there is no significant performance benefit,
> I'd say you get more robust code for virtually no extra cost.
>
> Just my $0.02 worth.
>
> Hope this helps
> Keith
I agree!
--
For technical support contracts, visit https://order.mysql.com/?ref=mmma
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Mark Matthews <mark@stripped>
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, SW Dev. Manager - J2EE/Windows
/_/ /_/\_, /___/\___\_\___/ Flossmoor (Chicago), IL USA
<___/ www.mysql.com
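The two approaches compared in this thread, side by side, as an added example that is not code from either poster: a query built by hand for a plain Statement next to the same lookup through a PreparedStatement. The table `customers`, the column `last_name`, the class and method names and the sample values are assumptions made for illustration; `main` needs no database, while the two lookup methods expect a JDBC `Connection` supplied by the caller.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class CustomerLookup {
    // Hypothetical table and column; the SQL text never changes with the value.
    static final String PREPARED_SQL =
        "SELECT id FROM customers WHERE last_name = ?";

    // Fragile: the value becomes part of the SQL text, with no escaping applied.
    static String concatSql(String lastName) {
        return "SELECT id FROM customers WHERE last_name = '" + lastName + "'";
    }

    static boolean existsWithStatement(Connection conn, String lastName) throws SQLException {
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(concatSql(lastName))) {
            return rs.next();
        }
    }

    // Robust: the driver binds the value, so quote characters stay data.
    static boolean existsWithPrepared(Connection conn, String lastName) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(PREPARED_SQL)) {
            ps.setString(1, lastName);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    // Crude indicator only: an odd number of single quotes means an unterminated literal.
    static boolean quotesBalanced(String sql) {
        return sql.chars().filter(c -> c == '\'').count() % 2 == 0;
    }

    public static void main(String[] args) {
        String[] samples = {"Smith", "O'Brien"}; // constructed sample values
        for (String s : samples) {
            String sql = concatSql(s);
            System.out.println(sql + "  -> quotes balanced: " + quotesBalanced(sql));
        }
        System.out.println(PREPARED_SQL + "  -> same text for every value");
    }
}
```

With the value `O'Brien`, the hand-built string contains three single quotes and is rejected as malformed SQL unless the caller escapes it first; the prepared form sends the same statement text for both values.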