tags:

views:

1445

answers:

4
+3  Q: 

Java Statement Object Reuse?

I would like to know if we can reuse the same Statement object for executing more than one query. Or, should we create a new statement for different queries.

For example,

Connection con = getDBConnection();
Statement st1 = con.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE, ResultSet.CONCUR_READ_ONLY);
int i = st1.executeUpdate("update tbl_domu set domU_status=1 where domU_id=" + dom_U_id);
Statement st2 = con.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE, ResultSet.CONCUR_READ_ONLY);
String date = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(Calendar.getInstance().getTime());
int j = st2.executeUpdate("insert into tbl_domU_action_history values('" + dom_U_name + "', 1, '" + date + "')");

In the above case, is there any harm in using the same statement st1 for both the executeUpdate() queries? Can I use the same Statement object st1 for another executeQuery()?

+7  A: 

Yes, you can. However, it is very much better to use PreparedStatement to avoid SQL injection vulnerabilities.

Tom Hawtin - tackline  2008-12-23 19:32:31
+1  A: 

Whenever you assign something to a reference type, you're replacing the old reference with a new one.

For example...

MyObject obj = new MyObject("foo");
obj = new MyObject("bar");

Would have a now non-referenced instance of MyObject with some property set to "foo" that will eventually be garbage collected.

obj stores a reference to a MyObject with some property set to "bar".

R. Bemrose  2008-12-23 19:44:37
+1  A: 

The original point of using prepared statements was to avoid having the database parse and recompile the statement, so it's supposed to be faster.

I had not considered the SQL injection vulnerabilities use, but I'm not sure what, if any data checking is done. I suspect that it's driver-dependant, as the driver implementation is free to just glue the statements together. If anyone has further details, please post.

Steve B.  2008-12-23 20:06:50
It appears that the JDBC spec does not require correct handling of special characters. I'd like to hear about any drivers that do not so they can be avoided.
Tom Hawtin - tackline  2008-12-23 20:13:48
Steve, the idea re: SQL injection is that using parameterized statements avoids the risk. See http://en.wikipedia.org/wiki/SQL_injection#Preventing_SQL_Injection. Of course you are right that their original purpose was to avoid unnecessary parsing.
Dave Costa  2008-12-23 21:07:32
Yes, however as the drivers merely implement the JDBC interface(s) it's unclear to what extent this is actually happening, and it's totally dependent on the driver implementors. I was hoping someone would have more specific knowledge based on having had to deal with this issue in the past.
Steve B.  2008-12-23 21:19:56
+1  A: 

I came across the response I was looking for in the Javadocs

By default, only one ResultSet object per Statement object can be open at the same time. Therefore, if the reading of one ResultSet object is interleaved with the reading of another, each must have been generated by different Statement objects.

Epitaph  2009-01-07 01:08:46
It don't see how this answers the question : should we call the close() method on the Statement ?
watcherFR  2010-08-28 11:50:12

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java