PreparedStatements extend the Statement interface and provide support for adding parameters to SQL statements.
SQL statements that are passed to the database go through a two-step process in returning results to you. They are first prepared and then processed. With Statement objects, these two phases appear to be one phase to your applications. PreparedStatements allow the two steps to be broken apart. The preparation step occurs when the object is created, and the processing step occurs when the executeQuery, executeUpdate, or execute method is called on the PreparedStatement object.
Being able to split the SQL processing into separate phases is meaningless without the addition of parameter markers. Parameter markers let an application tell the database that it does not have a specific value at preparation time but will provide one before processing time. Parameter markers are represented in SQL statements by question marks.
Parameter markers make it possible to make general SQL statements that are used for specific requests. For example, take the following SQL query statement:
SELECT * FROM EMPLOYEE_TABLE WHERE LASTNAME = 'DETTINGER'
This is a specific SQL statement that returns only one value; that is, information about an employee named Dettinger. By adding a parameter marker, the statement can become more flexible:
SELECT * FROM EMPLOYEE_TABLE WHERE LASTNAME = ?
By simply setting the parameter marker to a value, information can be obtained about any employee in the table.
PreparedStatements provide significant performance improvements over Statements because a statement such as the one in the previous example can go through the preparation phase only once and then be processed repeatedly with different values for the parameter.
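As an added example (not code from the original page), the statement above is prepared once and then processed for several last names through the JDBC API; the EMPNO column and the supplied Connection are assumptions, since the page does not describe the table's columns.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class EmployeeLookup {
    // The page's query with a parameter marker in place of the literal last name.
    private static final String QUERY =
        "SELECT * FROM EMPLOYEE_TABLE WHERE LASTNAME = ?";

    // Returns the EMPNO value of every employee whose last name is in lastNames.
    // Assumption: EMPLOYEE_TABLE has an EMPNO column; the caller supplies an open Connection.
    public static List<String> findEmployeeNumbers(Connection conn, List<String> lastNames)
            throws SQLException {
        List<String> result = new ArrayList<>();
        // Preparation phase: happens once, when the PreparedStatement is created.
        try (PreparedStatement ps = conn.prepareStatement(QUERY)) {
            for (String lastName : lastNames) {
                // setString supplies the value for marker 1. The database receives it
                // as data, not as SQL text, so a value containing quotes or keywords
                // is compared literally against LASTNAME rather than altering the query.
                ps.setString(1, lastName);
                // Processing phase: repeated for each value without re-preparing.
                try (ResultSet rs = ps.executeQuery()) {
                    while (rs.next()) {
                        result.add(rs.getString("EMPNO"));
                    }
                }
            }
        }
        return result;
    }
}
```

Building the same query by concatenating the last name into the SQL string would force a fresh preparation for every value and would let the value be interpreted as part of the statement; the marker keeps the value separate from the SQL in both respects.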
For more information about using prepared statements, including creating prepared statements, specifying result set characteristics, working with auto-generated keys, and setting parameter markers, see the following pages: