[aprssig] Oracle connection ?
Gregg Wonderly
gregg at wonderly.org
Thu Jun 23 11:26:23 EDT 2005
scott at opentrac.org wrote:
> I'd also suggest using bind variables if possible. Generating a SQL
> statement dynamically (e.g. sql = "select * from table where x = '" & xyz &
> "'") can be a security risk if not done right, and even if you're executing
> the same query a million times with different values it's still got to parse
> the statement every time. If you can use bind variables (e.g. xyz = "foo";
> sql = "select * from table where x = &xyz") then Oracle will be able to
> cache the parsed statement and can process it faster.
>
> The exact details of how to do it vary depending on the language and
> interface mechanism you're using. I'd imagine it's possible in JDBC, but I
> don't do much Java myself.
>
> If you want a starting point, I'll see if I can find the source code for my
> Windows service.
In JDBC, there is
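// conn is an open java.sql.Connection (classes are in java.sql.*)
PreparedStatement st = conn.prepareStatement( "select f1,f2,f3 from <table> where f1=? and f2=?");
st.setString(1,f1Value);   // bind the first ? placeholder
st.setDouble(2,f2Value);   // bind the second ? placeholder
ResultSet rs = st.executeQuery();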
and then it is supposed to be much more efficient. I would guess that this would use bind variables or other
optimizations to help with speed. I use PreparedStatements against an Oracle database and it is definitely faster.
Gregg Wonderly
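
Added example, not part of the original thread or either poster's code: the same lookup written with string concatenation and with a bind variable, to show why the concatenated form is the security risk mentioned above. It uses Python's built-in sqlite3 (which takes ? placeholders like JDBC) instead of Oracle so it runs without a database server; the table, column names and sample values are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory table holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE stations (callsign TEXT, comment TEXT)")
    conn.executemany(
        "INSERT INTO stations VALUES (?, ?)",
        [("N0CALL", "test"), ("T3ST", "fixed"), ("X9XYZ", "mobile")],
    )
    return conn


def lookup_concat(conn, callsign):
    """Dynamic SQL: the value becomes part of the statement text,
    so a quote inside it is parsed as SQL syntax."""
    sql = "SELECT callsign FROM stations WHERE callsign = '" + callsign + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, callsign):
    """Bind variable: the statement text never changes and the value is
    passed separately, so it is only ever compared as data."""
    sql = "SELECT callsign FROM stations WHERE callsign = ?"
    return [row[0] for row in conn.execute(sql, (callsign,))]


if __name__ == "__main__":
    conn = make_db()
    # Constructed inputs: a normal value, one whose quote rewrites the
    # WHERE clause, and an ordinary name that merely contains a quote.
    for value in ("N0CALL", "x' OR '1'='1", "O'BRIEN"):
        for fn in (lookup_concat, lookup_bound):
            try:
                print(fn.__name__, repr(value), "->", fn(conn, value))
            except sqlite3.OperationalError as exc:
                print(fn.__name__, repr(value), "-> SQL error:", exc)
```

With the concatenated query the second input returns every row and the third fails to parse; with the bound query both are treated as plain strings that match nothing.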