SQL - Prepared Statement in JDBC.
The PreparedStatement interface extends Statement.
See also: JDBC - Batch (Update|Statement) (DML|DDL)
Parameter markers, represented by "?" in the SQL string, specify bind variables (input values) to the statement that may vary at runtime. The values are sent to the driver separately from the SQL text rather than concatenated into it, so the statement's structure is fixed when it is prepared.
// ds is a javax.sql.DataSource
Connection conn = ds.getConnection(user, passwd);
PreparedStatement ps = conn.prepareStatement("INSERT INTO BOOKLIST" +
    " (AUTHOR, TITLE, ISBN) VALUES (?, ?, ?)");
ps.setString(1, "Zamiatin, Evgenii");
ps.setString(2, "We");
// No leading zero: a Java literal starting with 0 is octal, so 0140185852L would not compile
ps.setLong(3, 140185852L);
// Binding SQL NULL: the JDBC type of the parameter must be supplied
ps.setNull(2, java.sql.Types.VARCHAR);
// setObject with an explicit target SQL type (java.sql.Types has no SHORT; the 16-bit integer type is SMALLINT)
Integer value = Integer.valueOf(15);
ps.setObject(1, value, java.sql.Types.SMALLINT);
// setObject without a target type: the driver maps Integer to java.sql.Types.INTEGER
ps.setObject(1, value);
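The following program is an added example, not code from the original page or from the JDBC specification. It puts the parameter-marker snippet and the setNull/setObject snippets together in a runnable form and contrasts a bound "?" parameter with a query whose text is built by string concatenation: an author name containing an apostrophe breaks the concatenated statement but is stored and found correctly when bound. It assumes an H2 in-memory database with the H2 JDBC driver on the classpath (the table, column types and sample rows are constructed for the example); any JDBC 4 driver that registers itself via ServiceLoader would do with the URL adjusted.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.sql.Types;

public class PreparedStatementDemo {

    // Builds the SQL text from the input: a quote character in the value
    // changes the statement itself (here it produces a syntax error).
    static int countByAuthorConcat(Connection conn, String author) throws SQLException {
        String sql = "SELECT COUNT(*) FROM BOOKLIST WHERE AUTHOR = '" + author + "'";
        try (Statement st = conn.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // Keeps the SQL text fixed; the input travels as a bound value for the "?"
    // marker, so the driver never interprets it as part of the SQL.
    static int countByAuthorBound(Connection conn, String author) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(
                "SELECT COUNT(*) FROM BOOKLIST WHERE AUTHOR = ?")) {
            ps.setString(1, author);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 driver on the classpath (jdbc:h2:mem: URL is H2-specific).
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = conn.createStatement()) {
                st.execute("CREATE TABLE BOOKLIST (AUTHOR VARCHAR(100), TITLE VARCHAR(100),"
                        + " ISBN BIGINT, EDITION SMALLINT)");
            }

            // One prepared INSERT reused for several rows, as on the page.
            try (PreparedStatement ps = conn.prepareStatement(
                    "INSERT INTO BOOKLIST (AUTHOR, TITLE, ISBN, EDITION) VALUES (?, ?, ?, ?)")) {
                ps.setString(1, "Zamiatin, Evgenii");
                ps.setString(2, "We");
                ps.setLong(3, 140185852L);                            // no leading zero (octal)
                ps.setObject(4, Integer.valueOf(1), Types.SMALLINT);  // explicit target SQL type
                ps.executeUpdate();

                ps.setString(1, "O'Brien, Flann");                    // constructed value with a quote
                ps.setNull(2, Types.VARCHAR);                         // SQL NULL needs its JDBC type
                ps.setLong(3, 1L);                                    // constructed placeholder ISBN
                ps.setObject(4, Integer.valueOf(2));                  // driver maps Integer to INTEGER
                ps.executeUpdate();
            }

            String author = "O'Brien, Flann";
            System.out.println("bound:  " + countByAuthorBound(conn, author));
            try {
                System.out.println("concat: " + countByAuthorConcat(conn, author));
            } catch (SQLException e) {
                // The apostrophe in the value broke the concatenated statement.
                System.out.println("concat: SQLException: " + e.getMessage());
            }
        }
    }
}
```

Compile and run with the H2 jar on the classpath (for example `javac PreparedStatementDemo.java && java -cp .:h2.jar PreparedStatementDemo`). The bound query returns 1 for the row just inserted, while the concatenated query fails because the apostrophe terminated the string literal early. The same property that makes a stray quote a syntax error here is what lets bind variables keep untrusted input from altering a statement's meaning.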
Some drivers may support named parameters; DatabaseMetaData.supportsNamedParameters() reports whether named parameters to callable statements are supported.