Hello,
Is there a good way to make PreparedStatements with a variable number
of parameters?
My queries look something like this:
    SET @rowid := null;
    SELECT * FROM (
        SELECT
            id,
            name,
            @rowid := COALESCE(@rowid + 1, 1) AS rowid
        FROM
            mytable
        ORDER BY
            name
    ) AS myquery
    WHERE rowid IN (5, 7, 12, 20);
And I can have a variable number of IN terms.
At the moment, I'm building the PreparedStatement with a concatenated
String.
I've seen another discussion of this topic online, and the final
implementation used there was to build a cache of PreparedStatements,
so you would (hopefully) only have to concatenate the String once. But
I have so many different combinations it's unlikely the same query will
come up twice in quick succession.
Is this really the best way of doing things? Indeed, is there any
(beyond security) benefit of using PreparedStatements in this case?
Thanks,
Matt.
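
The variable-length IN list from the question, as an added example that is not part of the original post: the SQL text is built from the number of terms only, and every value is bound through a placeholder. The class and method names (RowIdLookup, buildSql, namesAt) are hypothetical, and the code assumes a JDBC Connection to the database that holds mytable.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class RowIdLookup {

    // Builds the query text from the question with one "?" per IN term.
    // Only the number of terms reaches the SQL string, never a value.
    static String buildSql(int terms) {
        if (terms < 1) {
            throw new IllegalArgumentException("IN () needs at least one term");
        }
        String marks = String.join(", ", Collections.nCopies(terms, "?"));
        return "SELECT * FROM ("
             + " SELECT id, name, @rowid := COALESCE(@rowid + 1, 1) AS rowid"
             + " FROM mytable ORDER BY name"
             + ") AS myquery WHERE rowid IN (" + marks + ")";
    }

    // Returns the names found at the requested row positions.
    static List<String> namesAt(Connection conn, List<Integer> rowIds) throws SQLException {
        // Reset the session variable on the same connection, as in the question.
        try (Statement reset = conn.createStatement()) {
            reset.execute("SET @rowid := null");
        }
        List<String> names = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(buildSql(rowIds.size()))) {
            for (int i = 0; i < rowIds.size(); i++) {
                ps.setInt(i + 1, rowIds.get(i)); // JDBC parameters are 1-based
            }
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString("name"));
                }
            }
        }
        return names;
    }

    public static void main(String[] args) {
        // Runs without a database: shows the text for the four-term case.
        System.out.println(buildSql(4));
    }
}
```

Because the statement text depends only on the number of terms, a statement cache would need one entry per term count rather than one per combination of values.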