At 12:23 PM -0500 2002/11/11, Henri Yandell wrote:
I have two reasons for building SQL statements from strings instead of using prepared statements:Looking at these, it seems that the first and third are easier done by using a PreparedStatement, which knows more about exactly how the particular database likes to escape a ' etc.Is there a big need to provide a String method here, or should people just be upgrading to the PreparedStatement?
* if you're not iterating through repeated queries, the overhead of creating a prepared statement is wasted -- this isn't a critical optimization, but it is one argument against using prepared statements for one-off queries. (See http://www.onjava.com/pub/a/onjava/2001/12/19/oraclejdbc.html, tip #3)
* When developing, it can be substantially easier to debug JDBC problems when you can see the values which were used in the SQL statement; this is easier done by printing a complete SQL statement than by reconstructing it.
I think these are pretty good reasons for leaving the choice up to users of the library, instead of steering people straight to PreparedStatements in all cases...
Joe
--
--
* Joe Germuska { [EMAIL PROTECTED] }
"It's pitiful, sometimes, if they've got it bad. Their eyes get glazed, they go white, their hands tremble.... As I watch them I often feel that a dope peddler is a gentleman compared with the man who sells records."
--Sam Goody, 1956
--
To unsubscribe, e-mail: <mailto:commons-dev-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:commons-dev-help@;jakarta.apache.org>
