1: Prepared statements filter the variables. This helps reduce the SQL Injection attack surface.
2: If you are in a loop, creating the prepared statement outside of the loop and then just changing the variable is faster. Now, this brings up the question: why are you doing SQL in a loop? But that is a different problem to solve.
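Both points above, shown as an added example that is not part of the original post: a string-built query beside a bound-parameter query, then one constant statement reused in a loop. It assumes Python's built-in `sqlite3` module; the table, the rows, the function names and the hostile input are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("bob",), ("carol",)])
    return conn

def lookup_concat(conn, name):
    """Weak form: the value is pasted into the SQL text and parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_bound(conn, name):
    """Prepared form: the SQL text is fixed; the value travels separately."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

def lookup_many(conn, names):
    """Loop case: one constant SQL string, only the bound value changes.
    sqlite3 keeps compiled statements in a per-connection cache keyed by
    the SQL text, so the statement is compiled once and re-executed."""
    sql = "SELECT id FROM users WHERE name = ?"
    cur = conn.cursor()
    found = {}
    for name in names:
        row = cur.execute(sql, (name,)).fetchone()
        found[name] = row[0] if row else None
    return found

if __name__ == "__main__":
    conn = make_db()
    hostile = "x' OR '1'='1"   # constructed input containing SQL syntax
    print(lookup_concat(conn, hostile))   # quote breaks out: every row matches
    print(lookup_bound(conn, hostile))    # compared as a plain string: no match
    print(lookup_many(conn, ["alice", "carol", "dave"]))
```

The same split applies in other drivers: keep the SQL text constant, build it once outside the loop, and pass only values on each iteration.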