
Re: Difference between PreparedStatement and StoredProcedure ?

From: <sybrandb_at_gmail.com>
Date: Wed, 14 Mar 2007 20:06:52 +0100
Message-ID: <7phgv21e6t9mh7no8im6els4flgicnq2sp@4ax.com>


On 14 Mar 2007 09:14:45 -0700, "lorenzo" <lorenzo.el.sol_at_ifrance.com> wrote:

>Hi,
>
>Well.. I'm trying to understand differences between the 3 ways of a
>web application to call a database (in a security and sql injection
>risks overview) :
>
>- Dynamic SQL Statement
>
>- PreparedStatement (with bind variable)
>
>- Stored procedures (or callable statement)
>
>I have read some explanations on the web but I still have a lot of
>difficulty understanding the fundamental differences between
>preparedStatement and storedProcedure ?
>
>The two ways seem to be effective to limit SqlInjection attacks but I
>don't see why StoredProcedure are better than PreparedStatement.
>
>Does anybody have a good explanation for that ?
>
>Thanks a lot in advance for your help
>
>@+
>Lorenzo

Dynamic SQL: hard parse every time
PreparedStatement: hard parse first time, soft parse at subsequent executions
Stored procedure: hard parse at compilation time, soft parse otherwise.

-- 
Sybrand Bakker
Senior Oracle DBA
Received on Wed Mar 14 2007 - 14:06:52 CDT
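
The following is an added example, not part of the original thread: it runs the same lookups once as dynamic SQL and once with a bind variable, counting how many distinct statement texts each style produces and what a hostile input returns. Assumptions: SQLite stands in for Oracle so the code runs offline, the hard/soft counter is a simplified model of a statement cache keyed by SQL text rather than a measurement of Oracle, stored procedures are not modelled, and the table, names and inputs are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; SQLite is a stand-in for Oracle (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

class ParseCountingCursor:
    """Simplified model of a statement cache keyed by SQL text (assumption):
    a text never seen before is a hard parse, a repeated text a soft parse."""
    def __init__(self, db):
        self.db, self.seen, self.hard, self.soft = db, set(), 0, 0

    def execute(self, sql, binds=()):
        if sql in self.seen:
            self.soft += 1
        else:
            self.seen.add(sql)
            self.hard += 1
        return self.db.execute(sql, binds).fetchall()

def lookup_dynamic(cur, name):
    # Dynamic SQL: the value becomes part of the statement text, so each
    # distinct value is a new statement and can also change its structure.
    return cur.execute("SELECT secret FROM users WHERE name = '" + name + "'")

def lookup_bound(cur, name):
    # Bind variable: the text is constant; the value is passed only as data.
    return cur.execute("SELECT secret FROM users WHERE name = ?", (name,))

def run(lookup, names):
    cur = ParseCountingCursor(make_db())
    rows = [lookup(cur, n) for n in names]
    return rows, cur.hard, cur.soft

# Constructed inputs: three ordinary names and one textbook injection string.
NAMES = ["alice", "bob", "carol", "x' OR '1'='1"]

if __name__ == "__main__":
    for fn in (lookup_dynamic, lookup_bound):
        rows, hard, soft = run(fn, NAMES)
        print(fn.__name__, "hard:", hard, "soft:", soft, "last:", rows[-1])
```

In the dynamic case the last input rewrites the WHERE clause and returns every row; in the bound case it is compared as a literal name and matches nothing.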
