Following are the advantages of prepared statements:
By avoiding multiple compilation and execution of statements, prepared statements perform faster.
Using prepared statements, we can insert values of advanced data types such as BLOB, CLOB and OBJECT easily, through the typed setter methods provided by the PreparedStatement interface.
Because values are supplied through setter methods rather than embedded in the query text, a prepared statement avoids the need to quote or escape special characters within the query, and so it prevents SQL injection attacks.
Following are the limitations of prepared statements:
Since a PreparedStatement object represents only one SQL statement at a time, a single prepared statement object can execute only that one statement.
To prevent injection attacks, each placeholder accepts exactly one value; a single placeholder cannot be bound to a list of values.
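The following is an added example, not code from the original page, showing the advantages and the limitation above in JDBC: a vulnerable string-concatenated query beside its parameterised form, a BLOB written through a typed setter, and an IN list built with one placeholder per value. It assumes an H2 in-memory database driver on the classpath (any JDBC driver works with a different URL) and creates its own users table, so it runs offline; the table, column names, sample rows and the PreparedStatementDemo class are all constructed for the example.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class PreparedStatementDemo {

    // Assumption: the H2 driver is on the classpath. Only the URL changes for another database.
    private static final String URL = "jdbc:h2:mem:demo;DB_CLOSE_DELAY=-1";

    public static void main(String[] args) throws SQLException {
        try (Connection conn = DriverManager.getConnection(URL, "sa", "")) {
            setUp(conn);
            String hostile = "alice' OR '1'='1";          // constructed untrusted input
            System.out.println("concatenated: " + unsafeLookup(conn, hostile) + " rows (all users)");
            System.out.println("parameterised: " + safeLookup(conn, hostile) + " rows (no such name)");
            storeAvatar(conn, 1, new byte[] {(byte) 0x89, 'P', 'N', 'G'});
            System.out.println("IN list: " + findByIds(conn, List.of(1, 2)));
        }
    }

    // Constructed sample schema and rows for the demo.
    static void setUp(Connection conn) throws SQLException {
        try (Statement st = conn.createStatement()) {
            st.execute("CREATE TABLE users (id INT PRIMARY KEY, name VARCHAR(64), avatar BLOB)");
            st.execute("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");
        }
    }

    // Vulnerable pattern kept for contrast: the value becomes part of the SQL text,
    // so a quote inside it changes the structure of the query the database parses.
    static int unsafeLookup(Connection conn, String name) throws SQLException {
        String sql = "SELECT id FROM users WHERE name = '" + name + "'";
        try (Statement st = conn.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return countRows(rs);
        }
    }

    // Safe pattern: the SQL text is fixed at prepare time and the value travels
    // separately, so quotes and other special characters are plain data.
    static int safeLookup(Connection conn, String name) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement("SELECT id FROM users WHERE name = ?")) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return countRows(rs);
            }
        }
    }

    // Binary data goes through a typed setter; nothing is hex-encoded or escaped in the query text.
    static void storeAvatar(Connection conn, int id, byte[] avatar) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement("UPDATE users SET avatar = ? WHERE id = ?")) {
            ps.setBytes(1, avatar);
            ps.setInt(2, id);
            ps.executeUpdate();
        }
    }

    // A placeholder binds exactly one value, so an IN list needs one '?' per element.
    // Only the placeholder marks are concatenated into the SQL text, never user data.
    static List<String> findByIds(Connection conn, List<Integer> ids) throws SQLException {
        String marks = String.join(",", Collections.nCopies(ids.size(), "?"));
        String sql = "SELECT name FROM users WHERE id IN (" + marks + ") ORDER BY id";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            for (int i = 0; i < ids.size(); i++) {
                ps.setInt(i + 1, ids.get(i));          // JDBC parameter indexes start at 1
            }
            try (ResultSet rs = ps.executeQuery()) {
                List<String> names = new ArrayList<>();
                while (rs.next()) {
                    names.add(rs.getString(1));
                }
                return names;
            }
        }
    }

    private static int countRows(ResultSet rs) throws SQLException {
        int n = 0;
        while (rs.next()) {
            n++;
        }
        return n;
    }
}
```

With the sample data, unsafeLookup returns 2 because the injected quote turns the WHERE clause into `name = 'alice' OR '1'='1'`, while safeLookup returns 0 because the whole string is compared as a literal name. findByIds shows the only safe way around the one-value-per-placeholder limit: generate the placeholder marks from the list size and bind each element individually.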