I have two decades of SQL experience, but not specifically with Oracle. An ‘Oracle expert’ assures me that building a SQL query without parameters (like this):
SELECT t.ID, t.Name, t.Address ... FROM Table1 t WHERE t.ID = 'someID' AND t.Name = 'someName'...
is at least as fast as using parameters (like this):
SELECT t.ID, t.Name, t.Address ... FROM Table1 t WHERE t.ID = ? AND t.Name = ?
The code is executed in a loop.
In most other databases I have experience with, using parameters increases speed. It allows the database to cache the compiled plan that matches the SQL statement. Since the SQL does not change per invocation (although the parameters do) this improves performance. The database simply binds the parameters and continues.
The ‘Oracle expert’ states that this is not necessary. But obviously, Oracle needs to ‘parse out’ the parameters, match the remaining string to a cached execution plan, then rebind the parameters as if they were passed along as parameters in the first place.
Do I have the correct mental picture here? Is there something ‘magical’ about Oracle that it really does not make a difference how we approach our parameter passing/SQL building strategy?
Are there thoughts about Java / JDBC / Oracle thin driver that I am not aware of that I should be aware of here?
I am looking to either reinforce my understanding or to expand my knowledge.
(Security concerns aside please, I understand that building SQL strings allows for SQL injection attacks, I am looking for more direct ammunition to use against the expert’s opinion – if it exists).
Other details: Oracle 11gR2, Java 1.6
To be blunt – you got it right, and your Oracle expert seems to be no expert at all (unless he wants to sell expensive consulting time for speeding up your application once you’ve put it into production).
If you build the SQL statement without parameters (called bind variables in Oracle), you force the database to hard parse the statement every time it is executed.
See AskTom on soft/hard parsing and bind variables for a much better explanation.
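The two loop forms being compared, as an added example that is not code from the question or the answer. It is written for Java 1.6 (so no try-with-resources); the class name, method names and the `keys` list are assumptions, while `Table1` and its columns are the ones in the question.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

// Hypothetical class for illustration; each element of keys is {id, name}.
public class BindVariableLookup {
    private static final String BIND_SQL =
        "SELECT t.ID, t.Name, t.Address FROM Table1 t WHERE t.ID = ? AND t.Name = ?";

    // Bind-variable form: the SQL text never changes, so Oracle hard parses it
    // once and later executions reuse the cursor already in the shared pool.
    public static List<String> withBinds(Connection conn, List<String[]> keys)
            throws SQLException {
        List<String> out = new ArrayList<String>();
        PreparedStatement ps = conn.prepareStatement(BIND_SQL); // prepared once, outside the loop
        try {
            for (String[] k : keys) {
                ps.setString(1, k[0]);
                ps.setString(2, k[1]);
                collect(ps.executeQuery(), out);
            }
        } finally { ps.close(); }
        return out;
    }

    // Literal form from the question, kept only for comparison: every distinct
    // key pair yields a new SQL text (a hard parse each), and the values are
    // concatenated into the statement unescaped.
    public static List<String> withLiterals(Connection conn, List<String[]> keys)
            throws SQLException {
        List<String> out = new ArrayList<String>();
        Statement st = conn.createStatement();
        try {
            for (String[] k : keys) {
                collect(st.executeQuery("SELECT t.ID, t.Name, t.Address FROM Table1 t"
                    + " WHERE t.ID = '" + k[0] + "' AND t.Name = '" + k[1] + "'"), out);
            }
        } finally { st.close(); }
        return out;
    }

    private static void collect(ResultSet rs, List<String> out) throws SQLException {
        try { while (rs.next()) out.add(rs.getString("Address")); } finally { rs.close(); }
    }
}
```

With CURSOR_SHARING at its default of EXACT, V$SQL afterwards holds one row for the bind form and one row per distinct key pair for the literal form, which is the difference the answer describes.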