Comparing Statement and PreparedStatement
- Statement is vulnerable to SQL injection, because user input is concatenated into the SQL text and parsed as part of the statement; PreparedStatement resolves this, because the statement is compiled once with `?` placeholders and the bound values are never parsed as SQL.
- Statement compiles once and executes once; PreparedStatement compiles once and can be executed N times, so PreparedStatement is somewhat more efficient for repeated execution.
- PreparedStatement binds values through typed setters (setInt, setString, ...), so type checking happens at the binding stage instead of relying on string formatting.
In summary: PreparedStatement is used most of the time and Statement rarely; plain concatenation is only justified where the business requires dynamic SQL text that cannot be bound as a parameter (for example a table name, a column name, or the ORDER BY target) and the statement must be assembled from fragments. Even then the fragments must be validated against an allowlist before they are spliced in, and the values themselves should still go through a PreparedStatement.
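The contrast above, as an added example (this is not code from the original page): the vulnerable Statement login beside its PreparedStatement form, a PreparedStatement compiled once and executed N times as a batch, and the one case where concatenation is still unavoidable (a dynamic ORDER BY column) guarded by an allowlist. It assumes a `users(id, username, password, created_at)` table, a JDBC `Connection` obtained elsewhere (any driver), and Java 9 or newer for `Set.of`; how the password column is stored is outside the example's scope.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.List;
import java.util.Set;

public class JdbcStatementDemo {

    // Vulnerable: user input is pasted into the SQL text. A username of
    //   admin' --
    // turns the query into  ... WHERE username = 'admin' --' AND password = '...'
    // and the rest of the WHERE clause, including the password check, is commented away.
    static boolean loginUnsafe(Connection conn, String username, String password) throws SQLException {
        String sql = "SELECT id FROM users WHERE username = '" + username
                   + "' AND password = '" + password + "'";
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return rs.next();
        }
    }

    // Hardened: the SQL text is fixed and compiled first, values are bound afterwards,
    // so the same input "admin' --" is compared literally against the username column.
    static boolean loginSafe(Connection conn, String username, String password) throws SQLException {
        String sql = "SELECT id FROM users WHERE username = ? AND password = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);   // typed setter: bound as a string, never parsed as SQL
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    // Compile once, execute N times: one PreparedStatement serves a whole batch of inserts.
    // Each element of `users` is a constructed {username, password} pair.
    static int insertUsers(Connection conn, List<String[]> users) throws SQLException {
        String sql = "INSERT INTO users (username, password) VALUES (?, ?)";
        int inserted = 0;
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            for (String[] u : users) {
                ps.setString(1, u[0]);
                ps.setString(2, u[1]);
                ps.addBatch();
            }
            // executeBatch may report SUCCESS_NO_INFO (-2) for a row; only count real row counts
            for (int n : ps.executeBatch()) {
                if (n > 0) inserted += n;
            }
        }
        return inserted;
    }

    // The case where concatenation is still needed: an identifier (here the ORDER BY
    // column) cannot be bound with '?'. The fragment is checked against an allowlist of
    // known column names before it is spliced in, so arbitrary text never reaches the SQL.
    private static final Set<String> SORTABLE = Set.of("id", "username", "created_at");

    static PreparedStatement listUsersSortedBy(Connection conn, String column) throws SQLException {
        if (!SORTABLE.contains(column)) {
            throw new IllegalArgumentException("unsupported sort column: " + column);
        }
        return conn.prepareStatement("SELECT id, username FROM users ORDER BY " + column);
    }
}
```

Call `loginUnsafe(conn, "admin' --", "anything")` against a table containing an `admin` row and it returns true regardless of the password; `loginSafe` with the same arguments returns false. `listUsersSortedBy(conn, "username; DROP TABLE users")` throws before any SQL is built, which is the check the summary above asks for whenever a fragment has to be concatenated.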
When nothing seems to help, I go look at a stonecutter hammering away at his rock, perhaps a hundred times without as much as a crack showing in it. Yet at the hundred and first blow it will split in two, and I know it was not that blow that did it, but all that had gone before. -- Jacob Riis