What is the difference between Statement and PreparedStatement in JDBC, and when would you use each?

In JDBC, Statement and PreparedStatement are both used to execute SQL queries. However, there are some key differences between the two:

• Statement: Statement in JDBC is used to execute static SQL queries. It is a basic interface that sends SQL statements to the database for execution.
• PreparedStatement: PreparedStatement is a precompiled SQL statement that can be used multiple times with different parameters. It provides better performance and security by preventing SQL injection attacks.

When to use each:

• Use Statement when you have a simple, static SQL query that does not require input parameters or when you need to execute a one-time query.
• Use PreparedStatement when you have a dynamic SQL query that requires input parameters or when you need to execute the same query multiple times with different values.

Overall, PreparedStatement is recommended for most scenarios due to its performance benefits and protection against SQL injection attacks.