One, PreparedStatement is precompiled and faster than Statement
A precompiled statement is likely to be called repeatedly, so the code the DB's compiler produces for it is cached and reused on the next call; every database makes every effort to optimize the performance of precompiled statements. When the same prepared statement is called again it does not need to be compiled: the parameters are passed directly into the compiled statement (the equivalent of calling a function) and it is executed. This does not mean that only a precompiled statement executed more than once on one Connection is cached. It applies to the entire DB: as long as the syntax of a precompiled statement matches an entry in the cache, it can be executed directly at any time without being compiled again. With Statement, even when the operation is the same, the data differs on each call, so the chance of the whole statement matching is tiny, almost impossible.
Two, PreparedStatement is more secure than Statement
Statement works by first assembling the SQL statement as a string and then executing that SQL command, which is error-prone.
For example:
If we pass [' or '1'='1] in as kspwd, it can still succeed.
With PreparedStatement, however, it is a whole new ballgame.
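The two approaches side by side, as an added example that is not code from the original article. Only kspwd and the input string come from the text; the table ksuser, the column ksname, the sample row and the in-memory H2 JDBC URL (which needs the H2 driver on the classpath) are assumptions made for the demonstration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class LoginDemo {
    // Statement: the password is spliced into the SQL text, so quotes inside it
    // become part of the query's syntax and can change the WHERE clause.
    static boolean loginWithStatement(Connection c, String user, String kspwd) throws SQLException {
        String sql = "SELECT 1 FROM ksuser WHERE ksname = '" + user + "' AND kspwd = '" + kspwd + "'";
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return rs.next();
        }
    }

    // PreparedStatement: the SQL text is fixed when it is prepared; the values are
    // bound afterwards as data and are never parsed as SQL.
    static boolean loginWithPrepared(Connection c, String user, String kspwd) throws SQLException {
        String sql = "SELECT 1 FROM ksuser WHERE ksname = ? AND kspwd = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, user);
            ps.setString(2, kspwd);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: in-memory H2 database; any JDBC URL and driver would do.
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = c.createStatement()) {
                st.execute("CREATE TABLE ksuser (ksname VARCHAR(32), kspwd VARCHAR(64))");
                // Constructed sample row (hypothetical user, plaintext only to keep the demo short).
                st.execute("INSERT INTO ksuser VALUES ('alice', 'correct-horse')");
            }
            String input = "' or '1'='1"; // the kspwd value quoted in the text
            System.out.println("Statement accepts it:         " + loginWithStatement(c, "alice", input));
            System.out.println("PreparedStatement accepts it: " + loginWithPrepared(c, "alice", input));
            System.out.println("PreparedStatement, real pwd:  " + loginWithPrepared(c, "alice", "correct-horse"));
        }
    }
}
```

With the Statement version the assembled WHERE clause ends in `kspwd = '' or '1'='1'`, which is true for every row; with the PreparedStatement version the same input is compared to the stored value as an ordinary string.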
The facts show that PreparedStatement is both safer and more efficient.