Java Reference
In-Depth Information
To add a record to the database, the executeUpdate() method is used with an
SQL INSERT statement. The INSERT statement inserts into a table the comma-
delimited list of values given inside a set of parentheses. To insert values for a
user record into an SQL statement, including the value of a serialized Password
object, a prepared statement is used. A
PreparedStatement
is a Statement object
used to execute a precompiled or dynamic SQL statement. A
dynamic SQL
statement
has parameter values that can change as the program executes.
All SQL statements must be compiled by the DBMS before they are exe-
cuted. In many cases, a prepared statement is sent to the DBMS and compiled
when it is created. When the prepared statement is executed, the DBMS
simply can run the statement without compiling it again. This can make a
PreparedStatement object more efficient to use than a Statement object if the
same SQL statement is executed many times. Additionally,
placeholders
, repre-
sented as question mark (?) characters in the SQL statement, allow the same
prepared statement to be used with different parameter values each time it is
executed.
Lines 139 through 144 create the initial data for the database. These variables
also are used later to set values for the PreparedStatement object. Line 143
creates a Password object from the initial string password value supplied.
The following step enters code to create a PreparedStatement object with
placeholders for five dynamic parameters.
To Create a PreparedStatement Object
1.
Enter lines 137 through 147 as shown in Figure 11-17 on page 711.
A PreparedStatement object is created with placeholders for five parameters
to be set later (Figure 11-28). The variable values listed are the initial data
recorded in the database.
initial
data
PreparedStatement
FIGURE 11-28
placeholders
Search WWH ::
Custom Search