Top "Prepared-statement" questions

A Prepared Statement (or parameterized statement) is a precompiled SQL statement that serves to improve performance and mitigate SQL injection attacks.

Does the preparedStatement avoid SQL injection?

I have read and tried to inject vulnerable SQL queries to my application. It is not safe enough. I am …

java jdbc prepared-statement sql-injection
Difference Between Stored Procedures and Prepared Statements?

What is the difference between Stored Procedures and Prepared Statements... And which one is better and why...!! I was trying …

stored-procedures prepared-statement
PreparedStatement and setTimestamp in oracle jdbc

I am using PreparedStatement with Timestamp in where clause: PreparedStatement s=c.prepareStatement("select value,utctimestamp from t where utctimestamp&…

java oracle jdbc timestamp prepared-statement
How to deal with (maybe) null values in a PreparedStatement?

The statement is SELECT * FROM tableA WHERE x = ? and the parameter is inserted via java.sql.PreparedStatement 'stmt' stmt.setString(1, …

java null prepared-statement
How can I Use Prepared Statements in CodeIgniter

Hi all, I need to use Prepared Statements in my site. I tried to use this $sql = "SELECT * FROM tbl_user …

php mysql codeigniter prepared-statement
Using Prepared Statements to set Table Name

I'm trying to use prepared statements to set a table name to select data from, but I keep getting an …

java sql prepared-statement
Which should I close first, the PreparedStatement or the Connection?

When using a PreparedStatement in JDBC, should I close the PreparedStatement first or the Connection first? I just saw a …

java jdbc connection prepared-statement
using nulls in a mysqli prepared statement

In a mysqli prepared statement, a NULL gets turned into '' (in the case of a string) or 0 (in the …

php mysql null mysqli prepared-statement
This PDO prepared statement returns false but does not throw an error

This code does not throw an error but the query fails, that is, the execute method returns false. How could …

php mysql insert pdo prepared-statement
PDO prepared statements for INSERT and ON DUPLICATE KEY UPDATE with named placeholders

I'd like to switch PDO INSERT and UPDATE prepared statements to INSERT and ON DUPLICATE KEY UPDATE since I think …

php pdo prepared-statement on-duplicate-key sqlbindparameter