Chinaunix

Title: PreparedStatement

Author: bellszhu    Time: 2013-01-17 23:55
Title: PreparedStatement
The advantages of Prepared Statements are:

1. As the execution plan gets cached, performance will be better.
2. It is a good way to code against SQL Injection as it escapes the input values.
3. When it comes to a Statement with no unbound variables, the database is free to optimize to its full extent. The individual query will be faster, but the downside is that you need to do the database compilation all the time, and this is worse than the benefit of the faster query.

Other than for training purposes, it is better to use PreparedStatement to get full benefits and close all loopholes.

Could someone help translate item 3 and the last sentence??
Author: 方兆国    Time: 2013-01-18 09:51
Reply to 1# bellszhu


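The advantages of prepared statements are:

1. Since the execution plan gets cached, performance will be better.
2. This is a good way for SQL injection code to escape the input values.
3. When it has no declaration of bound variables, the database is free of charge to optimize so as to bring its extent into full play. A single query is faster, but the bad side is that you need to do the database compilation all the time, and this is worse than the benefit of the faster query.

Apart from training, the purpose is to better use PreparedStatement to get the full benefits and close all the loopholes.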

http://translate.google.cn/#en/z ... %20all%20loopholes.



