Below are the steps involved in executing a normal query from Java.
1. Java code transfers the query to the database.
2. The database compiles the query.
3. The database executes the query.
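For a prepared statement, all three steps take part the first time, but from the second time onwards only steps 1 and 3 take part in execution. Step 2 is eliminated.
For a plain statement, all three steps take part in every execution of a query. In other words, a prepared statement is pre-compiled. Because of this, a prepared statement is better both for performance and for protection against SQL injection: the query text is compiled with placeholders, and values bound afterwards are treated as data, not as SQL. That protection applies only to values passed through placeholders; input concatenated into the SQL string of a prepared statement is still compiled as part of the query.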