Prepared Statement has a big deal on performance..As database query string which only compiles at database engine one time rather than Statement query which got compiles every time you execute query....
Tristan Van Poucke wrote:...
If I call this method several times, will the statement be prepared over and over again?
Thus leaving me only with the security side of the benefits of prepared statements.
It is prepared over and over, because you call it over and over. But you don't only get the security benefit.
Because you use a prepared statement with parameter binding, your database will most likely recognize this query, and reuse it's execution plan. It won't do that if you paste your values into the sql string.
OCUP UML fundamental and ITIL foundation
Well don't expect me to do the dishes! This ad has been cleaned for your convenience: