The main feature of a PreparedStatement object is that, unlike a
Statement object, it is given a SQL statement when it is created. The
advantage to this is that in most cases, this SQL statement is sent to
the DBMS right away, where it is compiled. As a result, the
PreparedStatement object contains not just a SQL statement, but a SQL
statement that has been precompiled. This means that when the
PreparedStatement is executed, the DBMS can just run the
PreparedStatement SQL statement without having to compile it first.
# 1 楼答案
语句在每次使用时都会被编译。PreparedStatement是预编译的,因此可以在后续请求中节省编译时间。这只是一个原因
请查看他们的文档以了解更多差异
# 2 楼答案
从Oracle's documentation
但使用预处理语句的最大原因是,您不必对输入进行清理并将其格式化为字符串:所有预处理语句API都以安全高效的方式为您完成了这一任务