- When should I use prepared statements? For any sort of query or just specific kinds?
- Should I be using prepared statements for SELECTING, or INSERTING, both, etc?
- When should I not use them?
Thanks.
Prepared statements should be used for queries containing parameters. Otherwise, they are a waste of resources.
Example:
$pdo->query("SELECT * FROM `table`"); //No need for preparing here, no parameters.
However:
$pdo->prepare("SELECT * FROM `table` WHERE `id` = :id"); //Prepare.
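The distinction drawn in the answer, as an added example that is not part of the original post: a parameterless query run with query(), and the same parameterised lookup built by string concatenation and then with prepare(). It assumes the pdo_sqlite extension and an in-memory database; the `users` table, its rows and the `$input` value are constructed for illustration.

```php
<?php
// Added example, not code from the original answer.
// Assumes pdo_sqlite is available; table and rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// No parameters: the SQL text is a constant, so query() is enough.
$total = (int) $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn();

// Constructed stand-in for a request value that was expected to be an integer id.
$input = '1 OR 1=1';

// Concatenated: the value becomes part of the SQL text, so the WHERE clause
// is now `id = 1 OR 1=1` and no longer restricts the result to one id.
$concatenated = $pdo->query("SELECT name FROM users WHERE id = $input")
                    ->fetchAll(PDO::FETCH_COLUMN);

// Prepared: the SQL text is fixed at prepare() time and the value is sent
// separately, so it is compared to `id` as one value and cannot alter the query.
$stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
$stmt->execute([':id' => $input]);
$bound = $stmt->fetchAll(PDO::FETCH_COLUMN);

// The same prepared statement can be executed again with another value.
$stmt->execute([':id' => 2]);
$second = $stmt->fetchAll(PDO::FETCH_COLUMN);

printf("rows in table:               %d\n", $total);
printf("concatenated, input as SQL:  %d row(s)\n", count($concatenated));
printf("prepared, input as data:     %d row(s)\n", count($bound));
printf("prepared, id = 2:            %s\n", implode(', ', $second));
```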