What is the difference between parameterized queries and prepared statements?
Both parameterized queries and prepared statements are exactly the same thing. Prepared statement seems to be the more commonly used term, but there is no difference between both terms. Parameterized queries and prepared statements are features of database management systems that that basically act as templates in which SQL can be executed. The actual values that are passed into the SQL are the parameters (for example, which value needs to be searched for in the WHERE clause), which is why these templates are called parameterized queries. And, the SQL inside the template is also parsed, compiled, and optimized before the SQL is sent off to be executed – in other words “prepared”. That is why these templates are often called prepared statements as well. So, just remember that they are two different names for the same thing. You can read a more detailed description about prepared statements (a.k.a. parameterized queries) and why they are useful here: Prepared statements and SQL injection.