IBM – Using bind variables in SQL statements can enhance both the performance and the security of your web application, and is a particularly strong defense against SQL injection attacks. This article measures and compares the performance of sample SQL statements written with bind variables, with substitution variables, and with literals.
It then demonstrates bind variables at work in a Java web application, where they’re used to protect the database against two common types of SQL injection attack.
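The defensive point the article makes is that a bind variable is transmitted to the database separately from the SQL text, so whatever the user supplies can only ever be data, never part of the statement. The following is an added illustration of that contrast, not code from the IBM article (whose demonstration is a Java web application); it uses Python's standard-library `sqlite3` module so that it runs offline against a constructed in-memory table, and the user names it queries are constructed sample values.

```python
import sqlite3


def build_db():
    """Constructed sample database: an in-memory users table with two rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    # executemany itself uses bind variables for the seed rows.
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "h1"), ("o'brien", "h2")],
    )
    conn.commit()
    return conn


def lookup_concat(conn, username):
    """Vulnerable form: the user-controlled value is spliced into the SQL text.

    The database parser sees the value as part of the statement, so a quote
    inside it changes the statement's structure (and may simply break it).
    """
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, username):
    """Hardened form: '?' is a bind variable.

    The statement text is fixed at parse time; the value is passed separately
    and compared as data, whatever characters it contains.
    """
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def compare(username):
    """Run both forms on a fresh database and report what each returned.

    Returns a (concatenated_result, bound_result) pair, where a parse error in
    the concatenated form is reported as the string 'SQL error'.
    """
    conn = build_db()
    try:
        concat_result = lookup_concat(conn, username)
    except sqlite3.OperationalError:
        concat_result = "SQL error"
    bound_result = lookup_bound(conn, username)
    return concat_result, bound_result


if __name__ == "__main__":
    # A legitimate name containing an apostrophe: concatenation produces a
    # malformed statement, the bound form simply finds the row.
    print("o'brien      ->", compare("o'brien"))
    # A value crafted to alter the WHERE clause: concatenation returns every
    # row, the bound form returns nothing because no user has that name.
    print("' OR '1'='1  ->", compare("' OR '1'='1"))
```

The same contrast holds in the JDBC code the article demonstrates: a `java.sql.PreparedStatement` with `?` placeholders filled by `setString` plays the role of `lookup_bound`, while building the query with string concatenation plays the role of `lookup_concat`. The performance benefit the article measures comes from the same mechanism: because the statement text never changes, the database can parse it once and reuse the execution plan across calls.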