A prepared statement is a big deal for performance: the database engine compiles the query string only once, whereas a plain Statement query is compiled every time you execute it.
Tristan Van Poucke wrote:...
If I call this method several times, will the statement be prepared over and over again?
Thus leaving me only with the security side of the benefits of prepared statements.
It is prepared over and over, because you call it over and over. But you don't only get the security benefit.
Because you use a prepared statement with parameter binding, your database will most likely recognize this query and reuse its execution plan. It won't do that if you paste your values into the SQL string.
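Added example, not code from the thread: a JDBC method that binds its parameter and reuses one PreparedStatement across many calls, beside the concatenated form it replaces. It assumes an H2 in-memory database (jdbc:h2:mem:demo) on the classpath; the table, rows and input names are constructed for the demo.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.List;

public class PreparedStatementReuse {

    // Concatenated form: every distinct value yields a different SQL text, so the
    // engine cannot reuse a plan, and a value containing a quote (O'Brien) breaks
    // or changes the query instead of being treated as data.
    static String concatenatedQuery(String name) {
        return "SELECT id FROM users WHERE name = '" + name + "'";
    }

    // Bound form: one fixed SQL text, values supplied separately through setString.
    // The text never changes, so the engine recognises it and reuses its plan, and
    // the bound value can never alter the query's structure.
    static final String BOUND_SQL = "SELECT id FROM users WHERE name = ?";

    // Prepare once (outside this method), execute many times: the statement is
    // not re-prepared per call, and every call binds rather than concatenates.
    static int countMatches(PreparedStatement ps, List<String> names) throws SQLException {
        int found = 0;
        for (String name : names) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) found++;
            }
        }
        return found;
    }

    public static void main(String[] args) throws SQLException {
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo");
             Statement setup = c.createStatement();
             PreparedStatement ps = c.prepareStatement(BOUND_SQL)) {
            setup.execute("CREATE TABLE users(id INT, name VARCHAR(50))");
            setup.execute("INSERT INTO users VALUES (1,'alice'),(2,'O''Brien')");
            // Constructed inputs; the quoted surname is handled safely by binding.
            List<String> names = List.of("alice", "bob", "O'Brien");
            System.out.println("matches: " + countMatches(ps, names));
            System.out.println("unsafe text: " + concatenatedQuery("O'Brien"));
        }
    }
}
```

Printing the concatenated text for O'Brien shows the unbalanced quote the engine would receive; the bound call returns the correct match count without touching the SQL text.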