| Statement | PreparedStatement |
| --- | --- |
| The query is compiled every time the program runs it. | The query is compiled only once. |
| It is used when the SQL query must run without parameters being supplied at runtime. | It is used when input parameters must be supplied to the query at runtime. |
| Performance is lower compared to PreparedStatement. | Provides better performance than Statement, as it executes pre-compiled SQL statements. |
| It is suitable for executing DDL statements such as CREATE, ALTER, DROP and TRUNCATE. | It is suitable for executing DML statements such as INSERT, UPDATE and DELETE. |
| It cannot be used for storing/retrieving images and files in the database. | It can be used for storing/retrieving images and files in the database. |
| It executes static SQL statements. | It executes pre-compiled SQL statements. |
| Less secure, as it is exposed to SQL injection. | More secure, as it uses bind variables, which prevent SQL injection. |