Apart from SQL-injection considerations Is there any advantage or disadvantage in using PreparedStatement parameters versus literal values when the statement will only be executed once?
Our generic database handling code currently uses statement parameters for all situations and column types. We are considering changing this to literal values in the SQL string for numerical types, timestamp types etc. and only use parameters for string values when the statement will be executed only once (which we know upfront). -- You received this message because you are subscribed to the Google Groups "H2 Database" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/h2-database/f428ad36-1bc4-4e8b-8f2b-c73ac77af742n%40googlegroups.com.
