[nycphp-talk] Trying to decide between MDB2 and PHP PDO
Hans Zaunere
lists at zaunere.com
Fri Jun 26 02:13:07 EDT 2009
> >> Wait, are you advocating //against// prepared statements?
> >
> > Not at all, but when using mysql, you should emulate them. I am
> > actually all for "prepared" style queries, if I ever see
> > "mysqli_real_escape_string" in someone's code, I immediately write the
> > person off as clueless.
>
> What's so clueless about using mysql_real_escape_string()? I would be
> interested to find out.

Nothing, in my opinion. Prepared statements can be a benefit in various
situations, with those benefits being largely dictated by the database in
use. With MySQL, prepared statements often are an actual drag, rather than
a benefit.

Consider:

http://dev.mysql.com/doc/refman/5.1/en/c-api-prepared-statements.html

A key statement being:

"Prepared execution is an efficient way to execute a statement more than
once."

Most statements aren't executed more than once in a typical web
application/request/response cycle.

Cases where I would use prepared statements:

-- batch processes where the same queries are executed numerous times with
varying data
-- dealing with large data storage (blobs, etc.)

H
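
The two cases contrasted in the message above, a batch that runs one statement many times and a lookup that runs once, sketched with PDO as an added example that is not part of the original post. The in-memory SQLite DSN, the `members` table, the sample rows and the function names `importMembers` and `findByName` are assumptions chosen so the script runs without a database server.

```php
<?php
// Added example. SQLite in-memory is an assumption so the script runs offline.
// With pdo_mysql, PDO::ATTR_EMULATE_PREPARES selects client-side emulation
// (true) or a server-side prepare (false).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Constructed sample rows; two names contain quote characters on purpose.
$rows = [
    ['Alice', 'alice@example.org'],
    ["Pat O'Neil", 'pat@example.org'],
    ['Robert"); --', 'bob@example.org'],
];

// Batch case: the statement is prepared once and executed once per row,
// which is where "execute a statement more than once" pays off.
function importMembers(PDO $db, array $rows): int
{
    $stmt = $db->prepare('INSERT INTO members (name, email) VALUES (:name, :email)');
    $db->beginTransaction();
    try {
        foreach ($rows as [$name, $email]) {
            $stmt->execute([':name' => $name, ':email' => $email]);
        }
        $db->commit();
    } catch (Exception $e) {
        $db->rollBack();
        throw $e;
    }
    return count($rows);
}

// One-off case: the statement runs a single time. With a server-side prepare
// on MySQL this is a prepare round trip plus an execute round trip.
function findByName(PDO $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name, email FROM members WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

printf("imported %d rows\n", importMembers($db, $rows));
var_dump(findByName($db, "Pat O'Neil"));
```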