What is the use of PreparedStatement in JDBC

What is the use of PreparedStatement in JDBC?

a) To execute SQL queries and retrieve results 
b) To insert, update, or delete data in a database 
c) To retrieve metadata about a database 
d) To handle exceptions in JDBC operations 


b) To insert, update, or delete data in a database 


PreparedStatement in JDBC is used to execute parameterized SQL statements for inserting, updating, or deleting data in a database. 

The PreparedStatement interface in JDBC serves several purposes: 


PreparedStatement is often faster than using a standard Statement because it allows a SQL statement to be precompiled and reused. This can be more efficient if the same SQL statement is executed multiple times, especially for DBMS that cache the execution plan for a query. 


PreparedStatement can help prevent SQL injection attacks. When you use a PreparedStatement, placeholders can be used for the parameters, and they're handled in a way that doesn't allow for SQL injection. 

Ease of Use: 

PreparedStatement takes care of quoting and escaping the parameters. It converts Java data types into types that can be understood by the DBMS. 

Here's an example of how you might use a PreparedStatement:
reparedStatement statement = connection.prepareStatement("SELECT * FROM users WHERE name = ?");
statement.setString(1, "John Doe");
ResultSet resultSet = statement.executeQuery();
In this example, the "?" is a placeholder for a parameter that we set with statement.setString(1, "John Doe"). The executeQuery() method is then used to execute the SQL query.