On Mon, Sep 17, 2012 at 10:20 PM, david
If you are doing insertions that use the exact same statement
that many times in succession you should see a performance
improvement using a prepared statement.
Also the prepared statement will negate the need to worry
about escaping any other 'special characters' as part of the
idea is that the prepared statement will deal with them at the
level of the DBMS. Rather than forcing you to deal with it in
your code. The same is also true with Callable statements.
That said I would be interested to see how much of a
difference it makes using a normal or prepared statement,
mainly to see where the break point is in such things.
On 13/09/12 13:14, Suat Gonul wrote:
On 09/13/2012 01:54 PM, Knut Anders Hatlen wrote:
Suat Gonul <firstname.lastname@example.org>
Thank you very much. Escaping the ' character with
another ' has solved
I'd suggest that you use prepared statements with
It seems that is the problem, thanks. But, then I
think I should escape
special characters contained the values. Is there
standard procedure for
this? Is there a list of of special characters? What
do you suggest?
INSERT INTO t (id, revision) VALUES (?, 1)
and use ps.setString(1, "string value") to set the
value. Then you don't
need to worry about special characters in the string.
If you want to specify the string literally in your
SQL statement, only
the single-quote character is a special character, as
far as I know, and
it can be escaped with an extra single-quote
character. For example, to
insert the string «It's safer with PreparedStatement»,
you would have to
do something like this:
INSERT INTO t (id, revision) VALUES ('It''s safer with
Indeed I am doing a bulk insertion operation (1000
insertion at a time
(Values > 1000 causes stackoverflow exception)). So I
prepare the query
in advance and execute it in one step. In total, I have
However, I could not decide on which one would be more
I'm trying both options now.