问题描述
我不知道是否有是一个ArrayList(或任何形式的List,对于这个问题)绑定到preparedStatement最终将被用于访问Oracle数据库的方式。我发现:
I was wondering if there was a way to bind an ArrayList (or any kind of List, for that matter) to a PreparedStatement which will eventually be used to access an Oracle database. I found:
<一个href=\"http://stackoverflow.com/questions/178479/alternatives-for-java-sql-$p$pparedstatement-in-clause-issue\">http://stackoverflow.com/questions/178479/alternatives-for-java-sql-$p$pparedstatement-in-clause-issue
这似乎类似于我的问题,但这个问题更具体:我想绑定一个ArrayList到preparedStatement在Oracle中使用,如果有可能,这是怎么实现的
And that seems similar to my issue, but this question is more specific: I'd like to bind an ArrayList to a PreparedStatement to be used in Oracle, if it is possible, how is this accomplished?
推荐答案
您不能在列表绑定到了prepared语句的参数。
You can't bind a List to a single parameter in a prepared statement.
生成SQL与一个参数标记为列表中的每个元素,例如:
Generate SQL with the a parameter marker for each element in the list, for example:
SELECT NAME FROM ITEM WHERE ID IN (?, ?, ?, ?)
尽管你会为每个查询的新说法,我还是推荐使用 preparedStatement
。如果您的列表中包含字符串
情况下,你会得到必要的逃脱从SQL注入保护。
Even though you'll generate a new statement for each query, I'd still recommend using a PreparedStatement
. If your list contains String
instances, you'll get the necessary escaping to protect from SQL injection.
但即使它是一个安全的类型,如整数
的对象,一些司机或者中间件可以缓存 preparedStatements
,如果被请求相同的形式返回缓存的实例。当然,一些测试是必要的。如果你的列表的大小有很大的不同,你将有许多不同的语句,而不善实现高速缓存可能不ppared处理这么多的$ P $。
But even if it's a safe type, like Integer
objects, some drivers or middleware can cache PreparedStatements
, and return a cached instance if the same form is requested. Of course, some testing would be necessary. If your lists vary widely in size, you'll have many different statements, and a poorly-implemented cache might not be prepared to handle so many.
这篇关于我如何绑定一个ArrayList到Oracle中preparedStatement?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!