From the DB's point of view, each Statement is different. Thus, even if the DB caches the Statement, the hit ratio will be low unless the EXACT statement is executed again.
In addition, the following statements are different:
SELECT * FROM TABLE WHERE ID='10';
and
SELECT * FROM TABLE WHERE ID = '10';
For PreparedStatement, if the same SQL is used but only the parameter is different, like:
SELECT * FROM TABLE WHERE ID='10';
and
SELECT * FROM TABLE WHERE ID='20';
If you use Statement, the cached SQL will not be reused. However, if you use:
SELECT * FROM TABLE WHERE ID=?;
This SQL can be reused by passing different values of IDs in it.
In addition, for security reasons, PreparedStatement is better, as you cannot pass SQL directly to the server for execution.
For example, if you pass the SQL directly:
The hacker may delete all records inside the DB.
But if you use PreparedStatement, you can avoid direct execution of SQL.
Of course, it all depends on how your data interaction is designed.
Nick
SCJP 1.2, OCP 9i DBA, SCWCD 1.3, SCJP 1.4 (SAI), SCJD 1.4, SCWCD 1.4 (Beta), ICED (IBM 287, IBM 484, IBM 486), SCMAD 1.0 (Beta), SCBCD 1.3, ICSD (IBM 288), ICDBA (IBM 700, IBM 701), SCDJWS, ICSD (IBM 348), OCP 10g DBA (Beta), SCJP 5.0 (Beta), SCJA 1.0 (Beta), MCP(70-270), SCBCD 5.0 (Beta), SCJP 6.0, SCEA for JEE5 (in progress)
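The two patterns Nick contrasts above, written out as an added JDBC example (this is not code from the post). It assumes a JDBC driver on the classpath, a table named TABLE with a column ID, and a placeholder JDBC_URL that you replace with your own; the method names are mine. The parameterized version sends the SQL text unchanged for every ID, which is what lets the server reuse its cached plan and keeps a value containing a quote character (such as O'Brien) as plain data rather than as part of the statement.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Added example, not from the post above. Assumes a JDBC driver and a table
// TABLE with a column ID; JDBC_URL is a placeholder you must replace.
public class PreparedStatementDemo {

    private static final String JDBC_URL = "jdbc:PLACEHOLDER://host/db"; // assumption

    // The pattern the post warns about: the caller-supplied value becomes part
    // of the SQL text, so the DB sees a new statement for every ID (poor cache
    // reuse) and any quote character in the input changes the statement itself.
    static int countWithStatement(Connection conn, String id) throws SQLException {
        String sql = "SELECT * FROM TABLE WHERE ID='" + id + "'";
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return countRows(rs);
        }
    }

    // The recommended pattern: the SQL text is fixed and the value is bound as
    // a parameter. The DB can reuse the parsed plan for every ID, and the
    // driver transmits the value as data, so "O'Brien" is looked up literally.
    static int countWithPreparedStatement(Connection conn, String id) throws SQLException {
        String sql = "SELECT * FROM TABLE WHERE ID=?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, id);
            try (ResultSet rs = ps.executeQuery()) {
                return countRows(rs);
            }
        }
    }

    // Count the rows of a result set (helper for both variants above).
    private static int countRows(ResultSet rs) throws SQLException {
        int n = 0;
        while (rs.next()) {
            n++;
        }
        return n;
    }

    public static void main(String[] args) throws SQLException {
        try (Connection conn = DriverManager.getConnection(JDBC_URL)) {
            String[] ids = {"10", "20", "O'Brien"};
            for (String id : ids) {
                // One parsed statement, three different bound values.
                System.out.println(id + " -> " + countWithPreparedStatement(conn, id));
            }
            // countWithStatement(conn, "O'Brien") would fail with a syntax
            // error here, because the quote ends the string literal early:
            // the input is being interpreted as SQL, not as data.
        }
    }
}
```

In the Statement variant the only thing standing between the input and the SQL parser is the application's own quoting; in the PreparedStatement variant the driver and server handle that boundary, which is why the post calls it the safer choice.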