Tristan Van Poucke wrote:...
If I call this method several times, will the statement be prepared over and over again?
Thus leaving me only with the security side of the benefits of prepared statements.
It is prepared over and over, because you call it over and over. But you don't only get the security benefit.
Because you use a prepared statement with parameter binding, your database will most likely recognize this query, and reuse it's execution plan. It won't do that if you paste your values into the sql string.