
Prepared Statements for Database Driven Application

15 Jan 2014, CPOL

A prepared statement is commonly used by an application to execute the same parameterized SQL statement again and again. The DBMS compiles a prepared statement only once. If we need to execute a statement multiple times, a prepared statement is therefore faster, whereas with direct statements each statement is compiled before it is executed. So, prepared execution takes less time than direct execution.

Prepared statements are also known as parameterized queries. Parameterized queries and prepared statements are features of database management systems that basically act as templates from which SQL can be executed.

Example of Prepared Statement using Java and C#

We are using the Emp table. Here, id is the primary key of the table. The following query retrieves all the data of the row with id = 1.

SQL
SELECT * FROM Emp WHERE id = 1

Now, if we create a template of the above statement and use it for multiple values of id, it will look like this:

SQL
SELECT * FROM Emp WHERE id = ?

Here, ? is called a placeholder. It marks the place where the actual value will be used in the SQL query. Placeholders are also known as bound parameters, since they are essentially parameters that are passed to the SQL and "bind" to it at a later time. Because the value is bound after the statement has been compiled, the DBMS treats it as data and not as part of the SQL text.

Prepared Statement in JDBC

Java
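// connection is an open java.sql.Connection.
java.sql.PreparedStatement stmt = connection.prepareStatement("SELECT * FROM Emp WHERE id = ?");
for (int i = 1; i <= 100; i++)
{
        // Placeholder indexes are 1-based: bind the current id to the single ?.
        stmt.setInt(1, i);
        java.sql.ResultSet rs = stmt.executeQuery();
        // process rs here
        rs.close();
}
stmt.close();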

Parameterized Statements in SQL Server using C#

C#
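string sql = "SELECT * FROM Emp WHERE id = @id";
cmd.CommandText = sql;  // attach the parameterized SQL to the command
for (int i = 1; i <= 100; i++)
{
        // Bind the current id to the @id parameter.
        cmd.Parameters.AddWithValue("@id", i);
        // execution of cmd
        // Remove the parameter so it can be added again on the next pass.
        cmd.Parameters.Clear();
}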

In the above code, cmd is a SqlCommand object associated with an open SqlConnection.
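The following is an added example, not code from the original article. It uses Python's built-in sqlite3 module as a stand-in DBMS because it runs without a server and uses the same ? placeholder; it repeats the article's loop over the Emp template and goes one step further, contrasting a bound value with one concatenated into the SQL text. The rows, function names and test input are constructed for illustration.

```python
import sqlite3

# Same template as in the article: one statement, one placeholder.
TEMPLATE = "SELECT * FROM Emp WHERE id = ?"


def make_db():
    """Build an in-memory Emp table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Emp (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO Emp (id, name) VALUES (?, ?)",
        [(1, "Asha"), (2, "Bram"), (3, "Chen")],
    )
    return conn


def fetch_bound(conn, value):
    """Execute the template with the value bound to the placeholder."""
    return conn.execute(TEMPLATE, (value,)).fetchall()


def fetch_concatenated(conn, value):
    """Contrast case: the value is pasted into the SQL text and parsed as SQL."""
    return conn.execute("SELECT * FROM Emp WHERE id = " + str(value)).fetchall()


def fetch_many(conn, ids):
    """The article's loop: the same template executed for many ids."""
    rows = []
    for i in ids:
        rows.extend(fetch_bound(conn, i))
    return rows


if __name__ == "__main__":
    conn = make_db()
    print(fetch_many(conn, range(1, 4)))

    # Constructed input that contains SQL syntax instead of a plain id.
    untrusted = "1 OR 1=1"
    # Bound: compared against id as a single value, so no row matches.
    print(fetch_bound(conn, untrusted))
    # Concatenated: the text becomes part of the WHERE clause and
    # the condition is true for every row.
    print(fetch_concatenated(conn, untrusted))
```

The bound call returns no rows for the constructed input, while the concatenated query returns the whole table, which is why values from outside the application should reach the query only through placeholders.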

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)