prepared statements in mysqli?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View


  mysqli in PHP5 comes with prepared statements functionality.  However,
without persistent connections or connection pooling in this code
library, one has to ask:  why bother?

  are prepared statements 'remembered' by the server for a while between
connections, so that new connections can take advantage of them, or are
they really only useful for those pages/requests that are executing a
huge amount of DML in a single shot.


Re: prepared statements in mysqli?

Quoted text here. Click to load it

I believe that prepared statements come with implicit quoting for
substituted values, so you don't have to fill your code with calls
to addslashes(), or risk SQL errors (and maybe your site getting
hacked) when someone decides to put single quotes or other nasty
characters into a web form.  This may prove to be useful even if
no prepared statement is ever used more than once.

                    Gordon L. Burditt

Site Timeline