The PreparedStatement interface inherits from the Statement interface and is used to execute pre-compiled SQL statements with or without parameters. Compared with the Statement interface used to execute static SQL statements, the SQL statements in the PreparedStatement interface are precompiled, and the efficiency of repeated execution is higher.
The PreparedStatement object is created using the prepareStatement method in the Connection interface. Such as:
Create a PreparedStatement object for the SQL statement insert. Five question marks are used as placeholders for parameters to represent the values of Name,PhoneNumber,Email,QQ,Note of a record in Contacts.
PreparedStatement preparestatement = connection.prepareStatement("insert into Contacts(Name,PhoneNumber,Email,QQ,Note) values(?,?,?,?,?)");
Create a PreparedStatemen object for the SQL statement select statement. The question mark in this statement represents the value of Name in Contacts.
PreparedStatement preparestatement = connection.prepareStatement("select * from Contacts where Name=?");
As a sub-interface of the Statement interface, the PreparedStatement interface inherits all the methods defined in the Statement interface, and also provides a way to set parameters in the PreparedStatement object. These methods are used to set the values of parameters before executing statements or procedures. The general setting method is:
setX(int parameterIndex,X value);
X is the parameter type, and parameterIndex is the subscript in the statement (the subscript starts from 1). For example, pass the parameter "Jack" to the placeholder of Name in the PreparedStatement object:
preparedstatement.setString(1, "Jack");
After setting the parameters, you can call the method executeQuery() or executeUpdate() to execute the prepared statement. Which method to use depends on the function of the PreparedStatemen object, query or update. Only these two methods do not require parameters, which is different from the method of the same name in the Statement interface. Because the SQL statement was specified at the time of creation.
The following is the reference code:
public void DriverJdbc() {
try {
Class.forName("com.mysql.cj.jdbc.Driver");//load driver
System.out.println("Ok");
//Establish a connection
connection = DriverManager.getConnection("jdbc:mysql://localhost/Contacts?serverTimezone=UTC", "root", "Cc229654512");
} catch (Exception ex) {
ex.printStackTrace();
}
}//insert data
public void UsePreparedStatement() {
DriverJdbc();
try {
PreparedStatement preparedstatement = connection.prepareStatement("insert into Contacts(Name,PhoneNumber,Email,QQ,Note) values(?,?,?,?,?)");
//Setting parameters
preparedstatement.setString(1, "Jack");
preparedstatement.setString(2, "12345678912");
preparedstatement.setString(3, "2233@126.com");
preparedstatement.setString(4, "1234");
preparedstatement.setString(5, "Masked Superman");
//Call the executeUpdate() method
preparedstatement.executeUpdate();
} catch (SQLException ex) {
ex.printStackTrace();
}
}//Query data
public void UsePreparedStatementOut(){
DriverJdbc();
try {
PreparedStatement preparedstatement = connection.prepareStatement("select * from Contacts where Name=?");
//Setting parameters
preparedstatement.setString(1, "Jack");
//Call the executeQuery() method
ResultSet resultset=preparedstatement.executeQuery();
if(resultset.next()){
resultset.previous();
while(resultset.next()){
System.out.println(resultset.getString(1) + "\t" + resultset.getString(2) + "\t" + resultset.getString(3) + "\t" + resultset.getString(4) + "\t"
+ resultset.getString(5));
}
}
} catch (SQLException ex) {
ex.printStackTrace();
}
}Reference: Java Language Programming (Advanced)