SQL Injection for engine

Hi @vishalcool88,

Camunda uses prepared statements. If you want to dig deeper, Camunda uses the MyBatis ORM library and you can find most of the mappings here: https://github.com/camunda/camunda-bpm-platform/tree/master/engine/src/main/resources/org/camunda/bpm/engine/impl/mapping

Cheers,
Thorben

1 Like
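An added example, not part of the reply above and not Camunda code: when reading MyBatis mapper files to confirm this, the thing to check is the placeholder syntax, since MyBatis binds `#{...}` as a prepared-statement parameter but substitutes `${...}` directly into the SQL text. The sketch below lists both kinds per statement in a mapper; the sample mapper, its statement ids and table names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed mapper; statement ids, table and column names are hypothetical.
SAMPLE_MAPPER = """<mapper namespace="example.Task">
  <select id="selectTaskByName" resultType="map">
    select * from EX_TASK where NAME_ = #{name}
  </select>
  <select id="selectTasksOrdered" resultType="map">
    select * from EX_TASK
    <where>
      <if test="owner != null">OWNER_ = #{owner}</if>
    </where>
    order by ${orderBy}
  </select>
  <update id="renameTask">
    update ${prefix}EX_TASK set NAME_ = #{name} where ID_ = #{id}
  </update>
</mapper>
"""

STATEMENT_TAGS = {"select", "insert", "update", "delete", "sql"}
BOUND = re.compile(r"#\{\s*([^},\s]+)")     # #{x}: sent as a PreparedStatement parameter
RAW = re.compile(r"\$\{\s*([^}\s]+)\s*\}")  # ${x}: substituted into the SQL string


def audit_mapper(xml_text):
    """Return {statement id: {"bound": [...], "raw": [...]}} for one mapper."""
    report = {}
    for stmt in ET.fromstring(xml_text):
        if stmt.tag not in STATEMENT_TAGS:
            continue
        # itertext() also walks nested dynamic-SQL tags such as <where>/<if>.
        sql = " ".join(stmt.itertext())
        report[stmt.get("id")] = {
            "bound": BOUND.findall(sql),
            "raw": RAW.findall(sql),
        }
    return report


def raw_substitutions(xml_text):
    """Statement ids with at least one ${...}; each needs a manual look."""
    return {sid: r["raw"] for sid, r in audit_mapper(xml_text).items() if r["raw"]}


if __name__ == "__main__":
    for sid, names in raw_substitutions(SAMPLE_MAPPER).items():
        print(f"{sid}: check where {names} comes from")
```

A `${...}` hit is not a finding by itself; it is the place to trace whether the substituted value can ever come from caller-controlled input rather than from configuration or a fixed allow-list.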