About
SQL - Prepared Statement in JDBC.
The PreparedStatement interface extends Statement.
Syntax
Parameter markers, written as "?" in the SQL string, stand for bind variables (input values) whose values are supplied separately and may vary at runtime; the SQL text itself is fixed when the statement is prepared.
Connection conn = ds.getConnection(user, passwd);
PreparedStatement ps = conn.prepareStatement("INSERT INTO BOOKLIST" +
    " (AUTHOR, TITLE, ISBN) VALUES (?, ?, ?)");
ps.setString(1, "Zamiatin, Evgenii");
ps.setString(2, "We");
// ISBN 0140185852 as a long: written without the leading 0, which in Java
// source would make the literal octal (and 8 is not an octal digit)
ps.setLong(3, 140185852L);
// binds parameter 2 to SQL NULL; the JDBC type must be given explicitly
// because there is no value from which the driver could infer it
ps.setNull(2, java.sql.Types.VARCHAR);
Integer value = Integer.valueOf(15);
// explicit target type: the Integer is converted to a SMALLINT before it is
// sent (java.sql.Types has no SHORT constant)
ps.setObject(1, value, java.sql.Types.SMALLINT);
Integer value = Integer.valueOf(15);
// no target type given: value is mapped to java.sql.Types.INTEGER
ps.setObject(1, value);
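The security reason parameter markers matter, as an added example that is not part of the original page: because the SQL text is fixed at prepare time, a bound value can never be parsed as part of the statement. The class below assumes a BOOKLIST(AUTHOR, TITLE, ISBN) table like the one above with a numeric ISBN column, a Connection from any JDBC driver, and Java 9 or later; the class and method names are my own.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

/** Added example (not the page's own code): parameter markers versus string
 *  concatenation. Assumes a BOOKLIST(AUTHOR, TITLE, ISBN) table. */
public class BookListDao {

    // Anti-pattern: the caller-supplied author is spliced into the SQL text,
    // so a value containing a quote character changes the statement's structure.
    static List<String> titlesByAuthorUnsafe(Connection conn, String author) throws SQLException {
        String sql = "SELECT TITLE FROM BOOKLIST WHERE AUTHOR = '" + author + "'";
        try (Statement st = conn.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return collect(rs);
        }
    }

    // Parameterized form: the SQL text contains only a marker and the author
    // string travels as a bound value, so it is treated as data, never as SQL.
    static List<String> titlesByAuthor(Connection conn, String author) throws SQLException {
        String sql = "SELECT TITLE FROM BOOKLIST WHERE AUTHOR = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, author);
            try (ResultSet rs = ps.executeQuery()) {
                return collect(rs);
            }
        }
    }

    // Insert with every value bound, including an optional title bound as NULL.
    static int insertBook(Connection conn, String author, String title, long isbn) throws SQLException {
        String sql = "INSERT INTO BOOKLIST (AUTHOR, TITLE, ISBN) VALUES (?, ?, ?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, author);
            if (title == null) {
                ps.setNull(2, java.sql.Types.VARCHAR);
            } else {
                ps.setString(2, title);
            }
            ps.setLong(3, isbn);
            return ps.executeUpdate();
        }
    }

    // Markers stand only for values. A column name in ORDER BY cannot be bound,
    // so it is checked against a fixed allow-list before being placed in the text.
    private static final List<String> SORTABLE = List.of("AUTHOR", "TITLE", "ISBN");

    static List<String> titlesSortedBy(Connection conn, String column) throws SQLException {
        if (!SORTABLE.contains(column)) {
            throw new IllegalArgumentException("not a sortable column: " + column);
        }
        String sql = "SELECT TITLE FROM BOOKLIST ORDER BY " + column;
        try (PreparedStatement ps = conn.prepareStatement(sql); ResultSet rs = ps.executeQuery()) {
            return collect(rs);
        }
    }

    private static List<String> collect(ResultSet rs) throws SQLException {
        List<String> out = new ArrayList<>();
        while (rs.next()) {
            out.add(rs.getString(1));
        }
        return out;
    }
}
```

The unsafe method is there only as the contrast to the parameterized one. Note that a "?" marker can replace a value but not an identifier (a table or column name) or a keyword, which is why titlesSortedBy validates the column against an allow-list rather than binding it; try-with-resources closes the statement and result set on every path, including when the driver throws.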
Some drivers support named parameters; DatabaseMetaData.supportsNamedParameters() reports whether the driver does (the JDBC API defines it for callable statements).