Top "Prepared-statement" questions

A Prepared Statement (or parameterized statement) is a precompiled SQL statement that serves to improve performance and mitigate SQL injection attacks.

Where's my invalid character (ORA-00911)

I'm trying to insert CLOBs into a database (see related question). I can't quite figure out what's wrong. I have …

java oracle jdbc prepared-statement

Using prepared statements with JDBCTemplate

I'm using the JDBC template and want to read from a database using prepared statements. I iterate over many lines …

java spring jdbc prepared-statement jdbctemplate

How can prepared statements protect from SQL injection attacks?

How do prepared statements help us prevent SQL injection attacks? Wikipedia says: Prepared statements are resilient against SQL injection, because …

sql security sql-injection prepared-statement

MySQLi prepared statements error reporting

I'm trying to get my head around MySQLi and I'm confused by the error reporting. I am using the return …

php mysql mysqli prepared-statement

How does a PreparedStatement avoid or prevent SQL injection?

I know that PreparedStatements avoid/prevent SQL Injection. How does it do that? Will the final form query that is …

java sql jdbc prepared-statement sql-injection

How to use an arraylist as a prepared statement parameter

I have looked and have been unable to find an answer to the following challenge I am having. It seems …

java arraylist prepared-statement

Reusing a PreparedStatement multiple times

In the case of using PreparedStatement with a single common connection without any pool, can I recreate an instance for …

java jdbc prepared-statement

What does a question mark represent in SQL queries?

While going through some SQL books I found that examples tend to use question marks (?) in their queries. What does …

sql prepared-statement

What does "if (rs.next())" mean?

I am currently getting the error, java.sql.SQLException: Method 'executeQuery(String)' not allowed on prepared statement. because I …

java string prepared-statement resultset sqlexception

How to set list of parameters on prepared statement?

I have a list of names e.g.: List<String> names = ... names.add('charles'); ... and a statement: PreparedStatement …

java postgresql jdbc prepared-statement