Select the correct answerWhich of the following is advantage of using PreparedStatement in Java?OptionsPrevents SQL injectionEncourages SQL injectionSlow performanceMore memory usage

The correct answer is "Prevents SQL injection".

Here's why:

1. PreparedStatement in Java is used to execute parameterized queries.

2. It allows us to write dynamic and reusable SQL queries, which can accept inputs at runtime.

3. The main advantage of using PreparedStatement is that it helps to prevent SQL Injection attacks. In SQL Injection, an attacker can insert malicious SQL statements into the query, which can lead to data theft or data loss.

4. PreparedStatement achieves this by using parameterized queries. Instead of embedding user inputs directly into the query, it uses placeholders. These placeholders are then replaced with user inputs, which are automatically escaped by the JDBC driver, preventing any SQL injection.

5. Therefore, the statement "Prevents SQL injection" is the correct answer.

The other options are incorrect because:

• Encourages SQL injection: This is incorrect as PreparedStatement helps prevent SQL injection, not encourage it.

• Slow performance: This is incorrect as PreparedStatement can actually improve performance by reducing the time needed to execute the SQL statements.

• More memory usage: This is also incorrect. While PreparedStatement might use a bit more memory than regular Statement due to its additional features, the difference is usually negligible and is outweighed by its benefits.