I don't know that sample code would really clear anything up as to what the difference is between the two.
Basically, when you use a PreparedStatement, the SQL statement is preprocessed before being sent to the DB.
If you just use a Statement, the SQL is sent straight to the DB without ever being processed.
The reason this can be a problem is because of special characters. So if you used a contraction like don't, won't, can't, or isn't as data inside your SQL, the
' is a special SQL character that needs to be escaped before it hits the DB. This is what PreparedStatement will do for you.
Personally, I almost always use a PreparedStatement when inserting and updating data in the DB, not only because of the reasons mentioned above, but because I like the syntax and how you formulate your query better. It looks neater, and I am a code neat freak.
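The contraction case from the answer above, as an added example that is not part of the original post. The post is about JDBC's Statement and PreparedStatement; this example uses Python's standard-library sqlite3 module (an assumption made so it runs offline without a JDBC driver) because its `?` parameter binding plays the same role as PreparedStatement's `setString`: the SQL text and the value travel separately, so an apostrophe in the data never becomes part of the statement. The `notes` table and the sample strings are constructed for the demonstration.

```python
import sqlite3


def setup() -> sqlite3.Connection:
    # Constructed in-memory table for the demonstration.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)")
    return conn


def insert_concatenated(conn: sqlite3.Connection, body: str) -> bool:
    """Statement-style: the value is spliced into the SQL text.

    Returns True if the DB accepted the statement, False if it rejected it.
    A value containing ' changes the shape of the statement itself.
    """
    sql = "INSERT INTO notes (body) VALUES ('" + body + "')"
    try:
        conn.execute(sql)
        conn.commit()
        return True
    except sqlite3.Error:
        # e.g. "near "t": syntax error" for the value don't
        return False


def insert_parameterized(conn: sqlite3.Connection, body: str) -> bool:
    """PreparedStatement-style: the SQL text has a placeholder; the value is
    bound separately, so the DB never parses it as SQL."""
    conn.execute("INSERT INTO notes (body) VALUES (?)", (body,))
    conn.commit()
    return True


def fetch_bodies(conn: sqlite3.Connection) -> list:
    """Return every stored body in insertion order, so the caller can check
    that bound values were stored exactly as given."""
    return [row[0] for row in conn.execute("SELECT body FROM notes ORDER BY id")]


if __name__ == "__main__":
    c = setup()
    print("concatenated 'hello':", insert_concatenated(c, "hello"))
    print("concatenated \"don't\":", insert_concatenated(c, "don't"))
    print("parameterized \"don't\":", insert_parameterized(c, "don't"))
    print("stored:", fetch_bodies(c))
```

Running it shows the plain word going in either way, the contraction being rejected by the DB when concatenated, and the same contraction being stored verbatim when bound as a parameter. The useful observation for a reviewer is the second line: the failure is not an escaping bug in the data, it is the value being read as SQL, which is exactly what parameter binding prevents.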