jdbc PreparedStatement


A PreparedStatement declares the statement before it is executed, and allows for placeholders for parameters. This allows the statement to be prepared (and optimized) once on the server, and then reused with different sets of parameters.

The added benefit of the parameter placeholders, is that it provides protection against SQL injection. This is achieved either by sending the parameter values separately, or because the driver escapes values correctly as needed.