In this post, I am going to discuss a little theory about Prepared or Parameterized Statements in database technology.
What are Prepared or Parameterized Statements?
A prepared statement is a feature of the database system that lets the same SQL statement be executed repeatedly with high efficiency. Prepared statements are a kind of template, used by the application with different parameters.
The database system can execute the same SQL statement without parsing, compiling and optimizing it again and again for the same kind of SQL statement.
Other characteristics of Prepared or Parameterized Queries:
The statement template is prepared and sent to the database system; the database system parses, compiles and optimizes this template and stores it without executing it.
Some parameters, such as the values in the WHERE clause, are not passed during template creation. Later the application sends these parameters to the database system, which uses the stored SQL statement template and executes it as requested.
Prepared statements are very useful against SQL Injection because the application can pass parameters using different techniques and protocols: the parameter values travel separately from the statement text, so the database treats them as data and they can never change the structure of the already-compiled statement.
When the amount of data is growing and indexes change frequently, prepared statements might lose their advantage, because in this situation a new query plan is required.
All the different database technologies, like Microsoft SQL Server, PostgreSQL, MySQL and Oracle, support parameterized statements.
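The two properties described above, reuse of one template with different parameters and resistance to SQL injection, shown side by side in an added example (my code, not from the original post or from MySQL). It uses Python's built-in sqlite3 module with a constructed in-memory users table, so it runs offline; the placeholder syntax (`?`) is SQLite's, while MySQL uses the PREPARE/EXECUTE syntax the post links to below.

```python
# Added example (not from the original post): the same lookup built two ways
# against an in-memory SQLite database, showing why the parameterized form
# resists SQL injection while the string-built form does not.
import sqlite3


def build_db():
    """Constructed sample data: a small users table with two rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    conn.commit()
    return conn


def lookup_concat(conn, name):
    """Vulnerable: the value becomes part of the SQL text the parser sees."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, name):
    """Parameterized: the statement is compiled first and the value is bound
    as data afterwards, so it cannot alter the statement's structure."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def reuse_template(conn, names):
    """One template, many executions with different parameters: the
    'prepare once, execute repeatedly' property described in the post."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [[r[0] for r in conn.execute(sql, (n,))] for n in names]


if __name__ == "__main__":
    db = build_db()
    untrusted = "x' OR '1'='1"  # constructed input, not a real user name
    print("concatenated  :", lookup_concat(db, untrusted))  # every row leaks
    print("parameterized :", lookup_param(db, untrusted))   # no match, as intended
    print("reused template:", reuse_template(db, ["alice", "bob", "carol"]))
```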
That is all the basics of Prepared and Parameterized Statements.
Please see the small practical example of MySQL prepared statements:
How to create prepared statement in MySQL