I recently started using prepared statements in a web application again, and I know that it is not recommended to use prepared statements for all transactions. I do not know when it is best to use prepared statements and when it is not.
I have read about when to use them and when not to, but none of the examples speaks of the best practice for their use.
I am trying to figure out which database calls I should use them for and which I should not.
For example, the MySQL website mentions it in "When to Use Prepared Statements" on the following page: Prepared MySQL Statements
The general rule of thumb when deciding whether to go with PreparedStatement or not:
Use prepared statements unless you have sufficient reason not to. Prepared statements are prepared before execution, therefore leading to increased performance and increased security against SQL injection, as the database server takes care of special character encoding.
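As an added example (not part of the question or of either answer), the contrast this answer draws, using Python's sqlite3 module as a stand-in for the MySQL server and Java's PreparedStatement: the query built by string formatting lets a quote in the input change the statement's logic, while the parameterised statement treats the same input as plain data. The table and the inputs are constructed for the demo.

```python
import sqlite3


def make_db():
    # Constructed in-memory database standing in for the real server.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_concat(conn, name, password):
    # Query text assembled from user input: the input becomes part of the SQL
    # grammar, so a quote character can terminate the literal early.
    sql = (f"SELECT COUNT(*) FROM users "
           f"WHERE name = '{name}' AND password = '{password}'")
    return conn.execute(sql).fetchone()[0] > 0


def login_prepared(conn, name, password):
    # Parameterised statement: the SQL shape is fixed when it is prepared and the
    # values are bound separately, so quotes in the input are data, never syntax.
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()[0] > 0


def bulk_insert(conn, rows):
    # The "prepared before execution" point: one statement, many bound rows.
    # executemany reuses the compiled statement instead of re-parsing per row.
    conn.executemany("INSERT INTO users VALUES (?, ?)", rows)
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]


def demo():
    conn = make_db()
    legit = ("alice", "s3cret")
    # Constructed tautology input: the password field carries a quote and an OR.
    hostile = ("alice", "' OR '1'='1")
    return {
        "concat_legit": login_concat(conn, *legit),
        "concat_hostile": login_concat(conn, *hostile),      # True: logic altered
        "prepared_legit": login_prepared(conn, *legit),
        "prepared_hostile": login_prepared(conn, *hostile),  # False: treated as data
        "rows_after_bulk": bulk_insert(conn, [("bob", "pw1"), ("carol", "pw2")]),
    }


if __name__ == "__main__":
    print(demo())
```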
Based on the article you referred to, here is a list of reasons why I think prepared statements are less useful than regular queries or stored procedures:
SQL Injection, Java