JSP_[JDBC 연결 PreparedStatement 와 Statement 차이]

1. Statement

- JDBC로드 -> DB Connection 연결 -> 쿼리

/* JDBC 드라이브 로드 */
        Class.forName("oracle.jdbc.OracleDriver");

        /* DB연결 */
        Connection conn = DriverManager.getConnection(
                "jdbc:oracle:thin:@localhost:1521:orcl", "scott", "scott")

String query = "INSERT INTO USERINFO(NAME, ID, PASSWORD) VALUES(" + name + "," + id + "," + password + ")";

if(conn != null){

Statement stmt = conn.createStatement();

stmt.executeUpdate(query);

}

2. PreparedStatement

- JDBC로드 -> DB Connection 연결 -> 쿼리

/* JDBC 드라이브 로드 */
        Class.forName("oracle.jdbc.OracleDriver");

        /* DB연결 */
        Connection conn = DriverManager.getConnection(
                "jdbc:oracle:thin:@localhost:1521:orcl", "scott", "scott")

String query = "INSERT INTO USERINFO(NAME, ID, PASSWORD) VALUES(?, ?, ?)";

if(conn != null){
                PreparedStatement pstmt = conn.prepareStatement(query);
                pstmt.setString(1, name);
                pstmt.setString(2, id);
                pstmt.setString(3, password);
                pstmt.executeUpdate();
            }

※ PreparedStatement 가 훨씬 편함.

    예제)

<%@page import="java.sql.PreparedStatement"%>
<%@page import="java.sql.DriverManager"%>
<%@page import="java.sql.Driver"%>
<%@page import="java.sql.Statement"%>
<%@page import="java.sql.Connection"%>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" errorPage="DBError.jsp"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title></title>
</head>
<body>
    <%
        request.setCharacterEncoding("UTF-8");
   
        String name = request.getParameter("name");
        String id = request.getParameter("id");
        String password = request.getParameter("password");
       
        if(name == null || id ==null || password == null){
            throw new Exception("데이타를 입력하세요");
        }
        Connection conn = null;
        PreparedStatement pstmt = null;
       
        String DBurl = "jdbc:oracle:thin:@localhost:1521:orcl";
        String DBuser = "scott";
        String DBpassword = "scott";
        try{
            Class.forName("oracle.jdbc.OracleDriver");
            conn = DriverManager.getConnection(DBurl, DBuser, DBpassword);
           
            String query = "INSERT INTO USERINFO(NAME, ID, PASSWORD) VALUES(?, ?, ?)";
           
            if(conn != null){
                pstmt = conn.prepareStatement(query);
                pstmt.setString(1, name);
                pstmt.setString(2, id);
                pstmt.setString(3, password);
                pstmt.executeUpdate();
            }
            else {
                throw new Exception("DB 연결 실패!");
            }
        }
        finally{
            pstmt.close();
            conn.close();
        }
        response.sendRedirect("SubscriptionResult.jsp");
        %>
</body>
</html>