JDBC driver precompiles the PreparedStatement to a SQL statement which involves mapping parameters from Java data type to SQL data type.
Then the precompiled statement is pooled in the Oracle database.
PreparedStatement has the following advantages over normal Statement:
- protection against SQL-injection attack
- if you reuse the PreparedStatement instance in java with other parameters, JDBC driver wont need to precompile it again
- Oracle database can reuse the pooled SQL statement
But if you don't use query parameters then Statement and PreparedStatement behave the same way.