JDBC PreparedStatement 的命名参数实现
2022-08-02 00:43:00 【allway2】
Named Parameters for PreparedStatement | InfoWorld
PreparedStatement 语法问题
PreparedStatement 的问题源于其参数语法。参数是匿名的,并通过索引访问,如下所示:
PreparedStatement p = con.prepareStatement("select * from people where
(first_name = ? or last_name = ?) and address = ?");
p.setString(1, name);
p.setString(2, name);
p.setString(3, address);
对于带有一两个参数的小型查询,这不是问题。但是,对于较大的查询,跟踪索引变得非常困难。开发人员必须仔细阅读 SQL 语句并计算问号以确定参数插入的位置。如果删除或插入参数,则必须重新编号所有后续参数索引。很明显,如果参数接近语句的开头并且有多个参数,或者如果查询被重组以使参数以不同的顺序出现,这可能会出现问题。
另一个不便之处是设置多个在逻辑上可能相同的参数。这可能发生在诸如select * from people where first_name=? or last_name=?
. (这个特定的查询可以重写为select * from people where ? in (first_name, last_name)
PreparedStatement p = con.prepareStatement("select * from people where
(first_name = ? or last_name = ?) and address = ?");
int i = 1;
p.setString(i++, name);
p.setString(i++, name);
p.setString(i++, address);
。语法与 PreparedStatement 相同,只是参数表示为冒号后跟标识符,而不是问号。
String query = "select * from people where (first_name = :name or last_name
= :name) and address = :address");
NamedParameterStatement p = new NamedParameterStatement(con, query);
p.setString("name", name);
p.setString("address", address);
在幕后,该类通过用问号替换参数标记并创建 PreparedStatement 来工作。在参数名称和它们的索引之间保留一个映射。注入参数时会引用此映射。这两个类是相互兼容的,因此程序员可以在他们认为合适的情况下将 PreparedStatement 用于某些查询,并将 NamedParameterStatement 用于其他查询。
方法。NamedParameterStatement 可以预先创建、附加到连接、使用和分离。但是,缓存(和同步,如有必要)这些对象所花费的时间可能会超过创建新对象所需的时间。
在我的计算机上针对一张小表对上述查询进行的测试给出了 NamedParameterStatement 的 352 微秒、AttachableNamedParameterStatement(无同步)的 325 微秒和原始 PreparedStatement 的 332 微秒的时间。翻译一个查询大约需要 6 微秒。不可思议的是,AttachableNamedParameterStatement 始终比原始 PreparedStatement 稍有优势。由于垃圾收集、即时编译等原因,对 Java 代码进行基准测试是出了名的困难,因此对这些结果应该持保留态度。
NamedParameterStatement 作为 PreparedStatement 的直接替代品是有效的,无需配置。新类提供的更简单的界面可以提高程序员的工作效率。也许更重要的是,维护更容易,因为代码更具可读性。
//STEP 1. Import required packages
import java.sql.*;
public class JDBCNamedParameterStatement {
// JDBC driver name and database URL
static final String DB_DRIVER_CLASS_NAME = "com.mysql.cj.jdbc.Driver";
static final String DB_URL = "jdbc:mysql://localhost:3306/emp?autoReconnect=true&useSSL=false&useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai";
// Database credentials
static final String DB_USERNAME = "root";
static final String DB_PASSWORD = "root";
public static void main(String[] args) {
Connection conn = null;
try {
//STEP 2: Register JDBC driver
//STEP 3: Open a connection
System.out.println("Connecting to database...");
conn = DriverManager.getConnection(DB_URL, DB_USERNAME, DB_PASSWORD);
//STEP 4: Execute a query
System.out.println("Creating statement...");
String query = "SELECT id, first, last, age FROM Employees where id=:id";
NamedParameterStatement p = new NamedParameterStatement(conn, query);
p.setInt("id", 100);
ResultSet rs = p.executeQuery();
//STEP 5: Extract data from result set
while (rs.next()) {
//Retrieve by column name
int id = rs.getInt("id");
int age = rs.getInt("age");
String first = rs.getString("first");
String last = rs.getString("last");
//Display values
System.out.print("ID: " + id);
System.out.print(", Age: " + age);
System.out.print(", First: " + first);
System.out.println(", Last: " + last);
//STEP 6: Clean-up environment
} catch (SQLException se) {
//Handle errors for JDBC
} catch (Exception e) {
//Handle errors for Class.forName
} finally {
//finally block used to close resources
try {
if (conn != null) {
} catch (SQLException se) {
}//end finally try
}//end try
}//end main
}//end JDBCExample
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.sql.Timestamp;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
* This class wraps around a {@link PreparedStatement} and allows the programmer
* to set parameters by name instead of by index. This eliminates any confusion
* as to which parameter index represents what. This also means that rearranging
* the SQL statement or adding a parameter doesn't involve renumbering your
* indices. Code such as this:
* Connection con=getConnection(); String query="select * from my_table where
* name=? or address=?"; PreparedStatement p=con.prepareStatement(query);
* p.setString(1, "bob"); p.setString(2, "123 terrace ct"); ResultSet
* rs=p.executeQuery();
* can be replaced with:
* Connection con=getConnection(); String query="select * from my_table where
* name=:name or address=:address"; NamedParameterStatement p=new
* NamedParameterStatement(con, query); p.setString("name", "bob");
* p.setString("address", "123 terrace ct"); ResultSet rs=p.executeQuery();
* Sourced from JavaWorld Article @
* http://www.javaworld.com/javaworld/jw-04-2007/jw-04-jdbc.html
* @author adam_crume
public class NamedParameterStatement {
* The statement this object is wrapping.
private final PreparedStatement statement;
* Maps parameter names to arrays of ints which are the parameter indices.
private Map<String, int[]> indexMap;
* Creates a NamedParameterStatement. Wraps a call to c.{@link Connection#prepareStatement(java.lang.String)
* prepareStatement}.
* @param connection the database connection
* @param query the parameterized query
* @throws SQLException if the statement could not be created
public NamedParameterStatement(Connection connection, String query) throws SQLException {
String parsedQuery = parse(query);
statement = connection.prepareStatement(parsedQuery);
* Parses a query with named parameters. The parameter-index mappings are
* put into the map, and the parsed query is returned. DO NOT CALL FROM
* CLIENT CODE. This method is non-private so JUnit code can test it.
* @param query query to parse
* @param paramMap map to hold parameter-index mappings
* @return the parsed query
final String parse(String query) {
// I was originally using regular expressions, but they didn't work well for ignoring
// parameter-like strings inside quotes.
int length = query.length();
StringBuffer parsedQuery = new StringBuffer(length);
boolean inSingleQuote = false;
boolean inDoubleQuote = false;
int index = 1;
HashMap<String, List<Integer>> indexes = new HashMap<String, List<Integer>>(10);
for (int i = 0; i < length; i++) {
char c = query.charAt(i);
if (inSingleQuote) {
if (c == '\'') {
inSingleQuote = false;
} else if (inDoubleQuote) {
if (c == '"') {
inDoubleQuote = false;
} else {
if (c == '\'') {
inSingleQuote = true;
} else if (c == '"') {
inDoubleQuote = true;
} else if (c == ':' && i + 1 < length && Character.isJavaIdentifierStart(query.charAt(i + 1))) {
int j = i + 2;
while (j < length && Character.isJavaIdentifierPart(query.charAt(j))) {
String name = query.substring(i + 1, j);
c = '?'; // replace the parameter with a question mark
i += name.length(); // skip past the end if the parameter
List<Integer> indexList = indexes.get(name);
if (indexList == null) {
indexList = new LinkedList<Integer>();
indexes.put(name, indexList);
indexMap = new HashMap<String, int[]>(indexes.size());
// replace the lists of Integer objects with arrays of ints
for (Map.Entry<String, List<Integer>> entry : indexes.entrySet()) {
List<Integer> list = entry.getValue();
int[] intIndexes = new int[list.size()];
int i = 0;
for (Integer x : list) {
intIndexes[i++] = x.intValue();
indexMap.put(entry.getKey(), intIndexes);
return parsedQuery.toString();
* Returns the indexes for a parameter.
* @param name parameter name
* @return parameter indexes
* @throws IllegalArgumentException if the parameter does not exist
private int[] getIndexes(String name) {
int[] indexes = indexMap.get(name);
if (indexes == null) {
throw new IllegalArgumentException("Parameter not found: " + name);
return indexes;
* Sets a parameter.
* @param name parameter name
* @param value parameter value
* @throws SQLException if an error occurred
* @throws IllegalArgumentException if the parameter does not exist
* @see PreparedStatement#setObject(int, java.lang.Object)
public void setObject(String name, Object value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setObject(indexes[i], value);
* Sets a parameter.
* @param name parameter name
* @param value parameter value
* @throws SQLException if an error occurred
* @throws IllegalArgumentException if the parameter does not exist
* @see PreparedStatement#setString(int, java.lang.String)
public void setString(String name, String value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setString(indexes[i], value);
* Sets a parameter.
* @param name parameter name
* @param value parameter value
* @throws SQLException if an error occurred
* @throws IllegalArgumentException if the parameter does not exist
* @see PreparedStatement#setInt(int, int)
public void setInt(String name, int value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setInt(indexes[i], value);
* Sets a parameter.
* @param name parameter name
* @param value parameter value
* @throws SQLException if an error occurred
* @throws IllegalArgumentException if the parameter does not exist
* @see PreparedStatement#setInt(int, int)
public void setLong(String name, long value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setLong(indexes[i], value);
* Sets a parameter.
* @param name parameter name
* @param value parameter value
* @throws SQLException if an error occurred
* @throws IllegalArgumentException if the parameter does not exist
* @see PreparedStatement#setTimestamp(int, java.sql.Timestamp)
public void setTimestamp(String name, Timestamp value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setTimestamp(indexes[i], value);
* Returns the underlying statement.
* @return the statement
public PreparedStatement getStatement() {
return statement;
* Executes the statement.
* @return true if the first result is a {@link ResultSet}
* @throws SQLException if an error occurred
* @see PreparedStatement#execute()
public boolean execute() throws SQLException {
return statement.execute();
* Executes the statement, which must be a query.
* @return the query results
* @throws SQLException if an error occurred
* @see PreparedStatement#executeQuery()
public ResultSet executeQuery() throws SQLException {
return statement.executeQuery();
* Executes the statement, which must be an SQL INSERT, UPDATE or DELETE
* statement; or an SQL statement that returns nothing, such as a DDL
* statement.
* @return number of rows affected
* @throws SQLException if an error occurred
* @see PreparedStatement#executeUpdate()
public int executeUpdate() throws SQLException {
return statement.executeUpdate();
* Closes the statement.
* @throws SQLException if an error occurred
* @see Statement#close()
public void close() throws SQLException {
* Adds the current set of parameters as a batch entry.
* @throws SQLException if something went wrong
public void addBatch() throws SQLException {
* Executes all of the batched statements.
* See {@link Statement#executeBatch()} for details.
* @return update counts for each statement
* @throws SQLException if something went wrong
public int[] executeBatch() throws SQLException {
return statement.executeBatch();
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.sql.Timestamp;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
public class NamedParameterStatement implements AutoCloseable {
public static final int[] EMPTY = {};
* The statement this object is wrapping.
public final PreparedStatement statement;
* Maps parameter names to arrays of ints which are the parameter indices.
private final Map indexMap;
* Creates a NamedParameterStatement. Wraps a call to c.{@link Connection#prepareStatement(java.lang.String)
* prepareStatement}.
* @param connection the database connection
* @param query the parameterized query
* @throws SQLException if the statement could not be created
public NamedParameterStatement(Connection connection, String query) throws SQLException {
indexMap = new HashMap();
String parsedQuery = parse(query, indexMap);
statement = connection.prepareStatement(parsedQuery);
* Parses a query with named parameters. The parameter-index mappings are
* put into the map, and the parsed query is returned. DO NOT CALL FROM
* CLIENT CODE. This method is non-private so JUnit code can test it.
* @param query query to parse
* @param paramMap map to hold parameter-index mappings
* @return the parsed query
static String parse(String query, Map paramMap) {
// I was originally using regular expressions, but they didn't work well for ignoring
// parameter-like strings inside quotes.
int length = query.length();
final StringBuilder parsedQuery = new StringBuilder(length);
boolean inSingleQuote = false;
boolean inDoubleQuote = false;
int index = 1;
for (int i = 0; i < length; i++) {
char c = query.charAt(i);
if (inSingleQuote) {
if (c == '\'') {
inSingleQuote = false;
} else if (inDoubleQuote) {
if (c == '"') {
inDoubleQuote = false;
} else {
if (c == '\'') {
inSingleQuote = true;
} else if (c == '"') {
inDoubleQuote = true;
} else if (c == ':' && i + 1 < length
&& Character.isJavaIdentifierStart(query.charAt(i + 1))) {
int j = i + 2;
while (j < length && Character.isJavaIdentifierPart(query.charAt(j))) {
String name = query.substring(i + 1, j);
c = '?'; // replace the parameter with a question mark
i += name.length(); // skip past the end if the parameter
List indexList = (List) paramMap.get(name);
if (indexList == null) {
indexList = new LinkedList();
paramMap.put(name, indexList);
indexList.add(new Integer(index));
// replace the lists of Integer objects with arrays of ints
for (Iterator itr = paramMap.entrySet().iterator(); itr.hasNext();) {
Map.Entry entry = (Map.Entry) itr.next();
List list = (List) entry.getValue();
int[] indexes = new int[list.size()];
int i = 0;
for (Object aList : list) {
Integer x = (Integer) aList;
indexes[i++] = x.intValue();
return parsedQuery.toString();
* Returns the indexes for a parameter.
* @param name parameter name
* @return parameter indexes
* @throws IllegalArgumentException if the parameter does not exist
private int[] getIndexes(String name) {
int[] indexes = (int[]) indexMap.get(name);
if (indexes == null) {
// throw new IllegalArgumentException("Parameter not found: " + name);
return EMPTY;
return indexes;
* Sets a parameter.
* @param name parameter name
* @param value parameter value
* @throws SQLException if an error occurred
* @throws IllegalArgumentException if the parameter does not exist
* @see PreparedStatement#setObject(int, java.lang.Object)
public void setObject(String name, Object value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setObject(indexes[i], value);
public void setProperties(Map<String, Object> params) throws SQLException {
for (Map.Entry<String, Object> entry : params.entrySet()) {
int[] indexes = getIndexes(entry.getKey());
final Object value = entry.getValue();
Timestamp valueTS = null;
if (value != null && value.getClass() == Date.class) {
valueTS = new Timestamp(((Date) value).getTime());
for (int i : indexes) {
if (valueTS != null) {
statement.setTimestamp(i, valueTS);
} else {
statement.setObject(i, value);
* Sets a parameter.
* @param name parameter name
* @param value parameter value
* @throws SQLException if an error occurred
* @throws IllegalArgumentException if the parameter does not exist
* @see PreparedStatement#setString(int, java.lang.String)
public void setString(String name, String value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setString(indexes[i], value);
* Sets a parameter.
* @param name parameter name
* @param value parameter value
* @throws SQLException if an error occurred
* @throws IllegalArgumentException if the parameter does not exist
* @see PreparedStatement#setInt(int, int)
public void setInt(String name, int value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setInt(indexes[i], value);
* Sets a parameter.
* @param name parameter name
* @param value parameter value
* @throws SQLException if an error occurred
* @throws IllegalArgumentException if the parameter does not exist
* @see PreparedStatement#setInt(int, int)
public void setLong(String name, long value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setLong(indexes[i], value);
public void setDouble(String name, double value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setDouble(indexes[i], value);
* Sets a parameter.
* @param name parameter name
* @param value parameter value
* @throws SQLException if an error occurred
* @throws IllegalArgumentException if the parameter does not exist
* @see PreparedStatement#setTimestamp(int, java.sql.Timestamp)
public void setTimestamp(String name, Timestamp value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setTimestamp(indexes[i], value);
* Returns the underlying statement.
* @return the statement
public PreparedStatement getStatement() {
return statement;
* Executes the statement.
* @return true if the first result is a {@link ResultSet}
* @throws SQLException if an error occurred
* @see PreparedStatement#execute()
public boolean execute() throws SQLException {
return statement.execute();
* Executes the statement, which must be a query.
* @return the query results
* @throws SQLException if an error occurred
* @see PreparedStatement#executeQuery()
public ResultSet executeQuery() throws SQLException {
return statement.executeQuery();
* Executes the statement, which must be an SQL INSERT, UPDATE or DELETE
* statement; or an SQL statement that returns nothing, such as a DDL
* statement.
* @return number of rows affected
* @throws SQLException if an error occurred
* @see PreparedStatement#executeUpdate()
public int executeUpdate() throws SQLException {
return statement.executeUpdate();
* Closes the statement.
* @throws SQLException if an error occurred
* @see Statement#close()
public void close() throws SQLException {
* Adds the current set of parameters as a batch entry.
* @throws SQLException if something went wrong
public void addBatch() throws SQLException {
* Executes all of the batched statements.
* <p>
* See {@link Statement#executeBatch()} for details.
* @return update counts for each statement
* @throws SQLException if something went wrong
public int[] executeBatch() throws SQLException {
return statement.executeBatch();
public void setFetchSize(int rows) throws SQLException {
