- A Prepared Statement is a slightly more powerful version of a Statement.
- A Prepared Statement can be parameterized, while a Statement cannot.
- If you want to execute a query in a loop (more than once), a Prepared Statement can be faster.
- A parameterized query is a good way to avoid SQL injection, and parameterized queries are only available with a Prepared Statement.
- Prepared statements offer two main advantages:
  - The overhead of compiling and optimizing the statement is incurred only once.
  - Prepared statements are resilient against SQL injection.
Java and Android Code Samples and Concepts Articles
Statement vs. Prepared Statement