I don't know that sample code would really clear anything up as to what the difference is between the 2. Basically, when you use a PreparedStatement, the SQL statement is preprocessed before being sent to the DB. If you just use a Statement, the SQL is sent straight to the DB without ever being processed. The reason this can be a problem is because of special characters. So if you used a contraction like don't, won't, can't, isn't as data inside your SQL, the ' is a special SQL character that needs to be escaped before it hits the DB. This is what PreparedStatement will do for you. Personally, I almost always use a PreparedStatement when inserting and updating data in the DB, not only because of the reasons mentioned above, but because I like the syntax and how you formulate your query better. It looks neater, and I am a code neat freak.
Your JDBC Driver actually does the preprocessing. You have to understand that a DB REALLY doesn't understand SQL. When you submit SQL to a database, it actually goes through a preprocessor that converts the SQL into the language that the DB can understand and use. This processing typically happens on the DB itself.
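The apostrophe problem described above, as an added example that is not part of the original posts: the same value containing ' is inserted once through a Statement built by string concatenation and once through a PreparedStatement. The in-memory H2 JDBC URL (which needs the H2 driver on the classpath), the notes table and the class name are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class ApostropheDemo {
    public static void main(String[] args) throws SQLException {
        // Assumption: H2 driver on the classpath; substitute your own JDBC URL.
        try (Connection con = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement ddl = con.createStatement()) {
                ddl.execute("CREATE TABLE notes (id INT PRIMARY KEY, body VARCHAR(100))");
            }

            String body = "I don't know"; // constructed sample data containing '

            // Statement: the data is pasted into the SQL text, so the apostrophe
            // closes the string literal early and the statement no longer parses.
            String sql = "INSERT INTO notes (id, body) VALUES (1, '" + body + "')";
            try (Statement st = con.createStatement()) {
                st.executeUpdate(sql);
                System.out.println("Statement: inserted");
            } catch (SQLException e) {
                System.out.println("Statement failed for: " + sql);
            }

            // PreparedStatement: the SQL text contains only ? placeholders and the
            // value is supplied separately, so it is always treated as data.
            try (PreparedStatement ps = con.prepareStatement(
                    "INSERT INTO notes (id, body) VALUES (?, ?)")) {
                ps.setInt(1, 2);
                ps.setString(2, body);
                System.out.println("PreparedStatement rows: " + ps.executeUpdate());
            }

            // Show which rows actually reached the table.
            try (Statement q = con.createStatement();
                 ResultSet rs = q.executeQuery("SELECT id, body FROM notes ORDER BY id")) {
                while (rs.next()) {
                    System.out.println(rs.getInt("id") + " -> " + rs.getString("body"));
                }
            }
        }
    }
}
```

Keeping user-supplied values out of the SQL text this way is also the standard defence against SQL injection, since input can never change the structure of the statement.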
Thanks... I will read more about it and probably I will come up with more questions... thanks.