chaitu chaitu

Difference between Statement and PreparedStatement

What is the difference between Statement and PreparedStatement?

Why do we prefer PreparedStatement over Statement in JDBC?

I heard PreparedStatements come as compiled statements. What is meant by that?

Can you tell me in detail?
ASKER CERTIFIED SOLUTION
Mick Barry
This solution is only available to members.

In JDBC, you can pass an SQL query or command in a "Statement" object.
A "PreparedStatement" object is a Statement that also supports passing parameters to the query.
SOLUTION
This solution is only available to members.

From the last I quote:
"Because PreparedStatement objects are precompiled, their execution can be faster than that of Statement objects.
Consequently, an SQL statement that is executed many times is often created as a PreparedStatement object to increase efficiency."
chaitu chaitu

ASKER

Hi

con.createStatement().executeQuery("select * from emp where eno=" + eno);
con.prepareStatement("select * from emp where eno=?");


What benefits does PreparedStatement give over Statement when I write queries like that?
> I heard PreparedStatements come as compiled statements. What is
> meant by that?

PreparedStatements are precompiled into the database and this is more efficient when you have to execute a query several times.
PreparedStatements can also be slower.
> What benefits does PreparedStatement give over Statement when I write
> queries like that?

Another benefit is that you do not have to worry about special characters in the string "eno" when you use a PreparedStatement.
> What benefits does PreparedStatement give over Statement when I write queries like that?

None, unless you are executing the same query multiple times.
SOLUTION
This solution is only available to members.

PreparedStatement goes a long way to preventing SQL Injection attacks...

http://www.securiteam.com/securityreviews/5DP0N1P76E.html
Thanks
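
The difference the comments above point to (special characters in "eno", SQL injection), shown as an added example that is not part of the original thread: the asker's two queries run against a constructed emp table with a normal and a crafted eno value. It assumes the H2 in-memory driver is on the classpath; the class name, table rows and input strings are made up for illustration.

```java
import java.sql.*;

public class StatementVsPrepared {
    // Form from the question: the input becomes part of the SQL text itself.
    static int countConcatenated(Connection con, String eno) throws SQLException {
        try (Statement st = con.createStatement();
             ResultSet rs = st.executeQuery("select * from emp where eno=" + eno)) {
            return count(rs);
        }
    }

    // Parameterized form: the SQL text is fixed, the input is bound as one value.
    static int countPrepared(Connection con, String eno) throws SQLException {
        try (PreparedStatement ps = con.prepareStatement("select * from emp where eno=?")) {
            ps.setString(1, eno);
            try (ResultSet rs = ps.executeQuery()) {
                return count(rs);
            }
        } catch (SQLException e) {
            // A driver may reject a non-numeric value for an INT column instead of
            // matching nothing; in both cases the input is never parsed as SQL.
            return 0;
        }
    }

    static int count(ResultSet rs) throws SQLException {
        int n = 0;
        while (rs.next()) n++;
        return n;
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 in-memory database (constructed table and rows).
        try (Connection con = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = con.createStatement()) {
                st.execute("create table emp (eno int primary key, ename varchar(20))");
                st.execute("insert into emp values (1,'a'),(2,'b'),(3,'c')");
            }
            String normal = "2";
            String crafted = "0 OR 1=1"; // constructed input containing SQL syntax
            System.out.println("concatenated, normal:  " + countConcatenated(con, normal));
            System.out.println("concatenated, crafted: " + countConcatenated(con, crafted));
            System.out.println("prepared, normal:      " + countPrepared(con, normal));
            System.out.println("prepared, crafted:     " + countPrepared(con, crafted));
        }
    }
}
```

With the concatenated query the crafted value changes the WHERE clause and every row comes back; with the bound parameter the same string is only ever compared against eno as data.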