Not when it is used incorrectly, that is, in the same way as the regular Statement.

Please have a look at the PreparedStatement API and the JDBC tutorial. The trick is that you do not put the values into the text of the statement itself, but replace them with question marks (?) and use the proper setXxxx methods (e.g. setString) to set their values. When used this way, you don't need to handle any special characters.
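The distinction the answer draws, as an added example that is not part of the original answer: the wrong way splices the value into the statement text (the JDBC misuse would be passing a concatenated string to prepareStatement, so the placeholder is never used), while the right way leaves a ? in the text and binds the value separately (in JDBC, prepareStatement with a ? followed by setString). This example uses Python's standard-library sqlite3 rather than JDBC so that it runs stand-alone; sqlite3 uses the same ? placeholder and bind-values model. The table, rows and the lookup functions are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample data so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    # Inserting with placeholders too: the name o'neil contains a quote and
    # goes in without any escaping.
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s1"), ("bob", "s2"), ("o'neil", "s3")],
    )
    return conn


def find_user_unsafe(conn, name):
    """Wrong: the value is pasted into the statement text.

    The database parses whatever the caller supplied as part of the SQL, so
    a crafted name changes the query's logic, and a legitimate name with a
    quote in it breaks the statement entirely.
    """
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, name):
    """Right: a ? in the text, the value bound separately.

    The statement text is fixed before the value is seen, so the value is
    only ever compared as data; quotes and other special characters need
    no handling.
    """
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


if __name__ == "__main__":
    conn = make_db()
    payload = "x' OR '1'='1"  # classic tautology injection
    print("unsafe:", find_user_unsafe(conn, payload))  # every row comes back
    print("safe:  ", find_user_safe(conn, payload))    # no row has that literal name
    print("safe:  ", find_user_safe(conn, "o'neil"))   # quote in data is harmless
```

Running the unsafe lookup with the name o'neil raises a syntax error from the database, which is the same failure that drives people to hand-roll escaping; the placeholder version returns the row without any escaping code at all.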