Rob,
I'm not that experienced on this topic but hopefully I know enough to answer at least part of your question.
Prepared statements are pre compiled so that the SQL statement itself is sent to the DB engine before its executed. So everytime you execute that statement the DB only has to perform the "execute" step of the SQL execution plan. This is much better performance although
JDBC does not guarantee it. You can also parameterize your prepared statement to give it a little more flexibility.
Also, I actually posted a message a few hours ago about setting up a DataSource for connection pooling in MySQL (via WSAD) and got a very good response. I've been able to get it to work. It makes for faster performance as well as cleaner code. It also makes the connection available to the entire app, in case you wanted to establish a connection in a
java bean outside of your web project.
As we all know, establishing a connection is an expensive process and connection pools allow you to incur this expense only once which is especially useful if you have many transactions that require database activity.
I would also advise you to not architect your app in such a way that the jsp would know anything about a connection, leave that up to a servlet/EJB or perhaps a java bean.
I can't really speak to the effects of timeouts etc... as this is a very complex problem in any database programming.
Hope this helps and hopefully a java guru can add on to what I say in case it is unclear.
Ray