Prepared statements are much faster if you must run the same statement several times with different data. This is because SQL will check the query only once, whereas if you just use the statement, it will check the query each time.
Another advantage of using PreparedStatements is to avoid SQL injection vulnerability, although in your case your query is so simple that you did not notice it.
At your request, the difference between running a prepared statement and an statement is probably not significant.
EDIT: In response to your comment below, you will need to carefully examine the DAO class to see what it does. If, for example, every time a method is called, it re-creates a prepared statement, then you lose the advantage of using prepared statements.
What you want to achieve is encapsulating your persistence level so that they are not a specific call to MySQL or Postgres or what you are using, and at the same time take advantage of the performance and security of things like prepared statements. To do this, you need to rely on your own Java objects, such as PreparedStatement ,.
I personally would build my own DAO class to perform CRUD operations using Hibernate under and the Java Persistence API to encapsulate all of this and should use prepared instructions for security benefits. If you have a specific use case for repeated operations, I would tend to wrap it in my own object.
Hibernate can be configured to use any database provider that you use via an XML file, and thus it provides very neat encapsulation of your persistence level. However, it is a rather complicated product to get it right!
source share