posted 13 years ago
I think Statement can be used for a one-time call, say to get the user details.
PreparedStatement is pre-compiled, so it can be used for queries which are repeatedly executed with different parameters.
Besides, unlike Statement, there is no chance of SQL injection with PreparedStatement.