DECREASE DEVELOPMENT TIME WITH PREPAREDSTATEMENTS

The java.sql.Statement class, one of the four main classes in the Java Database Connectivity (JDBC) application program interface (API), can require a great deal of a developer's time and concentration. A common problem when using the Statement class for JDBC access is formatting dates and timestamps correctly: 2002-02-05 20:56 or 02/05/02 8:56 PM.

This problem is solved automatically by using the java.sql.PreparedStatement. A PreparedStatement is obtained from a java.sql.Connection object by supplying an SQL string in which question mark characters (?) show where the variables are located. The variables are then provided, and the statement is executed. For example:

    String sql = "SELECT * FROM People p WHERE p.id = ? AND p.name = ?";
    PreparedStatement ps = connection.prepareStatement(sql);
    ps.setInt(1, id);       // first ? (parameter indexes start at 1)
    ps.setString(2, name);  // second ?
    ResultSet rs = ps.executeQuery();

Another advantage of using the PreparedStatement is that the string isn't dynamically created. Here's an example of a dynamically created string:

    String sql = "SELECT * FROM People p WHERE p.id = " + id;

Because the PreparedStatement's SQL text stays the same from one call to the next, the Java Virtual Machine (JVM) and Driver/Database can cache statements and strings and improve performance.

PreparedStatements also provide database independence. When there's less SQL to explicitly state, there's less SQL to potentially be dependent on the database.

Due to the many advantages of PreparedStatements, developers may elect to use them by default and only lower themselves to use a normal Statement class when it's absolutely necessary for performance reasons or when there are no variables in a line of SQL.
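The following is an added example, not code from the original tip. It binds a timestamp and a name containing a quote through one reused PreparedStatement, so the values travel as parameters rather than SQL text; this is also what keeps user input from being parsed as SQL. Assumptions: a JDBC driver is on the classpath (the H2 in-memory URL is only a default), and the class name, the created column and the sample rows are constructed for illustration.

```java
import java.sql.*;
import java.time.LocalDateTime;

public class PreparedStatementDemo {
    public static void main(String[] args) throws SQLException {
        // Assumption: pass your own JDBC URL, or have the H2 driver available.
        String url = args.length > 0 ? args[0] : "jdbc:h2:mem:demo";
        try (Connection connection = DriverManager.getConnection(url)) {
            try (Statement ddl = connection.createStatement()) {
                // No variables in this SQL, so a plain Statement is fine.
                ddl.execute("CREATE TABLE People (id INT PRIMARY KEY, "
                          + "name VARCHAR(64), created TIMESTAMP)");
            }

            // Constructed sample rows; the first name contains a quote.
            String[] names = { "O'Brien", "Smith" };
            Timestamp created =
                Timestamp.valueOf(LocalDateTime.of(2002, 2, 5, 20, 56));

            String insert =
                "INSERT INTO People (id, name, created) VALUES (?, ?, ?)";
            try (PreparedStatement ps = connection.prepareStatement(insert)) {
                for (int i = 0; i < names.length; i++) {
                    ps.setInt(1, i + 1);
                    ps.setString(2, names[i]);    // no escaping needed
                    ps.setTimestamp(3, created);  // no date string formatting
                    ps.executeUpdate();           // same statement, new values
                }
            }

            String sql = "SELECT * FROM People p WHERE p.id = ? AND p.name = ?";
            try (PreparedStatement ps = connection.prepareStatement(sql)) {
                ps.setInt(1, 1);
                ps.setString(2, "O'Brien");
                try (ResultSet rs = ps.executeQuery()) {
                    while (rs.next()) {
                        System.out.println(rs.getInt("id") + " "
                            + rs.getString("name") + " "
                            + rs.getTimestamp("created"));
                    }
                }
            }
        }
    }
}
```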