Statement vs. Prepared Statement

  • The Prepared Statement is a slightly more powerful version of a Statement.
  • A Prepared Statement may be parameterized, while a Statement can’t be.
  • If you want to execute a query in a loop (more than once), a Prepared Statement can be faster.
  • A parameterized query is a good way to avoid SQL injection, and parameterization is only available with a Prepared Statement.
  • Prepared statements offer two main advantages:
    • The overhead of compiling and optimizing the statement is incurred only once
    • Prepared statements are resilient against SQL injection
