JDBC insert multiple rows

Question

I am now using batch:

String query = \"INSERT INTO table (id, name, value) VALUES (?, ?, ?)\";
PreparedStatement ps = connection.prepareStatement(query);             


        

Answer 1

First of all, with query string concatenation you not only lose the type conversion native to PreparedStatement methods, but you also get vulnerable to malicious code being executed in the database.

Second, PreparedStatements are previously cached in the very database itself, and this already gives a very good performance improvement over plain Statements.