我发现现有的问题similar对这个问题实际上没有明确的答案。用不同的sql查询批量准备语句
一个SQL查询一个正常批次的PreparedStatement会是这个样子:
private static void batchInsertRecordsIntoTable() throws SQLException {
Connection dbConnection = null;
PreparedStatement preparedStatement = null;
String insertTableSQL = "INSERT INTO DBUSER"
+ "(USER_ID, USERNAME, CREATED_BY, CREATED_DATE) VALUES"
+ "(?,?,?,?)";
try {
dbConnection = getDBConnection();
preparedStatement = dbConnection.prepareStatement(insertTableSQL);
dbConnection.setAutoCommit(false);
preparedStatement.setInt(1, 101);
preparedStatement.setString(2, "mkyong101");
preparedStatement.setString(3, "system");
preparedStatement.setTimestamp(4, getCurrentTimeStamp());
preparedStatement.addBatch();
preparedStatement.setInt(1, 102);
preparedStatement.setString(2, "mkyong102");
preparedStatement.setString(3, "system");
preparedStatement.setTimestamp(4, getCurrentTimeStamp());
preparedStatement.addBatch();
preparedStatement.setInt(1, 103);
preparedStatement.setString(2, "mkyong103");
preparedStatement.setString(3, "system");
preparedStatement.setTimestamp(4, getCurrentTimeStamp());
preparedStatement.addBatch();
preparedStatement.executeBatch();
dbConnection.commit();
System.out.println("Record is inserted into DBUSER table!");
} catch (SQLException e) {
System.out.println(e.getMessage());
dbConnection.rollback();
} finally {
if (preparedStatement != null) {
preparedStatement.close();
}
if (dbConnection != null) {
dbConnection.close();
}
}
}
来自http://www.mkyong.com/jdbc/jdbc-preparedstatement-example-batch-update/
不过,我正在寻找对进行批量交易的方式不同的 sql查询。即INSERT INTO TABLE A
和INSERT INTO TABLE B
,没有SQL注入攻击的风险。我知道preparedstatements是避免这种攻击的首选方法,但我不知道用于区分SQL查询的批量事务的方法吗?
我知道可以创建多个实例,但是如果所有查询都不同,那么这将不会增加任何性能优势。我最终只是提到SQL注入安全性,并使用常规批处理语句而不是预处理语句。 – Hooli