PreparedStatement interface:
It is used to execute a parameterized SQL query: the query text is compiled once and can then be executed many times with different values. It extends the Statement interface. It is more secure than the Statement interface because values are supplied to the SQL parameters through setter methods (e.g. setInt(int,int), setString(int,String), etc.) rather than being concatenated into the query text, so user input is handled as data and cannot change the structure of the statement.
Example of parameterized query:
String inStr="insert into employee values(?,?,?,?)";
Each question mark is a parameter marker for the PreparedStatement query.
Example of PreparedStatement Interface to insert records:
import java.sql.*;
import java.io.*;

class PrepareStmt{
    public static void main(String args[]) throws Exception{
        Class.forName("oracle.jdbc.driver.OracleDriver");
        Connection conn=DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:xe","system","oracle");
        // The SQL text is fixed here; the three ? markers are filled in for each row below.
        PreparedStatement ps=conn.prepareStatement("insert into emp130 values(?,?,?)");
        BufferedReader br=new BufferedReader(new InputStreamReader(System.in));
        do{
            System.out.println("enter Employee id:");
            int Emp_id=Integer.parseInt(br.readLine());
            System.out.println("enter Employee name:");
            String Emp_name=br.readLine();
            System.out.println("enter Employee salary:");
            float salary=Float.parseFloat(br.readLine());
            // Bind values by 1-based parameter index; the driver sends them as data, not as SQL text.
            ps.setInt(1,Emp_id);
            ps.setString(2,Emp_name);
            ps.setFloat(3,salary);
            int i=ps.executeUpdate();
            System.out.println(i+" records affected");
            System.out.println("Do you want to continue: y/n");
            String st=br.readLine();
            if(st.startsWith("n")){
                break;
            }
        }while(true);
        // Release the statement and the connection.
        ps.close();
        conn.close();
    }
}
Each question mark represents one value and is known as a parameter marker. A value must be bound to every marker before the SQL statement is executed.
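As an added example (not part of the original tutorial), the following lookup shows the "prepare once, execute many times" property and why binding is safer than concatenation: the same PreparedStatement is reused for a list of names, and a legitimate name containing a quote, such as O'Brien, works as plain data, whereas the concatenated form would be parsed as SQL. It assumes the emp130 table above has columns emp_id, emp_name and salary (the tutorial never names them) and reuses the tutorial's placeholder JDBC URL and credentials.

```java
import java.sql.*;
import java.util.ArrayList;
import java.util.List;

// Assumes the emp130 table has columns emp_id, emp_name, salary (not named in
// the tutorial) and that the JDBC URL/credentials are placeholders to replace.
public class EmpLookup {

    // The pattern PreparedStatement replaces: the value is spliced into the SQL
    // text, so any quote character in it is parsed as SQL. A name such as
    // O'Brien already breaks this query; it is built here only for contrast
    // and is never executed.
    static String concatenatedQuery(String name) {
        return "select salary from emp130 where emp_name='" + name + "'";
    }

    // The query text is fixed and prepared once; each name is bound with
    // setString and sent by the driver as data, never as part of the SQL.
    static List<Float> salariesFor(Connection conn, List<String> names)
            throws SQLException {
        List<Float> result = new ArrayList<>();
        String sql = "select salary from emp130 where emp_name=?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            for (String name : names) {
                ps.setString(1, name);          // quotes in name need no escaping
                try (ResultSet rs = ps.executeQuery()) {
                    while (rs.next()) {
                        result.add(rs.getFloat("salary"));
                    }
                }
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        String url = args.length > 0 ? args[0]
                : "jdbc:oracle:thin:@localhost:1521:xe";   // placeholder, as in the tutorial
        List<String> names = List.of("Alice", "O'Brien");   // constructed sample input
        System.out.println("concatenated form for O'Brien (not executed): "
                + concatenatedQuery("O'Brien"));
        try (Connection conn = DriverManager.getConnection(url, "system", "oracle")) {
            for (float s : salariesFor(conn, names)) {
                System.out.println("salary: " + s);
            }
        }
    }
}
```

Run it against a database holding the emp130 table; the printed concatenated string shows the stray quote that would make the unparameterized query fail, while the bound query returns O'Brien's salary normally.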