ds000001 2014-06-04 17:49
Views: 96

PDO: speed of parameterized vs. non-parameterized queries

I understand from my recent use of PHP-PDO over the last few months that you can do a PREPARE statement and then run the query. In fact I can see the usefulness of this if I'm going to either SELECT on a complex join, varying the WHERE conditions, a repeated number of times.

Or, similarly, if I was wanting to insert multiple records.

However, if I know I only want to run a statement once, shouldn't I just EXECUTE the query? I'm basically querying the database twice.


2 answers

  • dtwkt46424 2014-06-04 18:00

    It depends on whether you have any input you need to escape to prevent SQL injection.

    According to the manual on PDO::quote:

    If you are using this function to build SQL statements, you are strongly recommended to use PDO::prepare() to prepare SQL statements with bound parameters instead of using PDO::quote() to interpolate user input into an SQL statement. Prepared statements with bound parameters are not only more portable, more convenient, immune to SQL injection, but are often much faster to execute than interpolated queries, as both the server and client side can cache a compiled form of the query.

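The contrast the answer draws, as an added example that is not part of the original question or answer: a one-off lookup written three ways against an in-memory SQLite database, so that the injection the manual warns about, the `PDO::quote()` workaround, and a single-use `prepare()` + `execute()` can be compared side by side. It assumes the `pdo_sqlite` extension is loaded; the table, its rows, and the attacker-style input are constructed here for illustration.

```php
<?php
// Added example, not code from the original post.
// Assumes ext/pdo_sqlite; the schema, rows and the hostile input are constructed inline.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Hypothetical attacker-controlled value, e.g. taken from $_GET['name'].
$userInput = "' OR '1'='1";

// 1. Naive interpolation: the input becomes part of the SQL grammar.
//    The WHERE clause turns into  name = '' OR '1'='1'  and matches every row.
$sql = "SELECT name FROM users WHERE name = '$userInput'";
$naive = $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
echo 'interpolated: ', count($naive), " row(s)\n";

// 2. PDO::quote(): escapes and wraps the value as a string literal, so the
//    injection fails here. It is a per-call, string-only escape though: you
//    must remember it on every interpolation, and it does not help for
//    identifiers, numeric LIMIT values or variable-length IN (...) lists.
$sql = 'SELECT name FROM users WHERE name = ' . $pdo->quote($userInput);
$quoted = $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
echo 'quoted:       ', count($quoted), " row(s)\n";

// 3. prepare() + execute() once: the statement text is fixed before the value
//    is supplied, so the value can never alter the query's structure.
//    Running it exactly once still costs one prepare and one execute, but the
//    SQL is never re-parsed with the data embedded in it.
$stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
$stmt->execute([':name' => $userInput]);
$bound = $stmt->fetchAll(PDO::FETCH_COLUMN);
echo 'prepared:     ', count($bound), " row(s)\n";

// Where the speed argument from the manual applies: the same statement is
// parsed once and executed many times with different bindings.
$insert = $pdo->prepare('INSERT INTO users (name, role) VALUES (:name, :role)');
foreach ([['carol', 'user'], ['dave', 'user']] as [$name, $role]) {
    $insert->execute([':name' => $name, ':role' => $role]);
}
echo 'total users:  ', $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn(), "\n";
```

On the "querying twice" concern in the question: whether a single-use prepared statement really costs two round trips depends on the driver. With native server-side prepares it does (one prepare message, one execute message); with `PDO::ATTR_EMULATE_PREPARES` enabled, which is the default for `pdo_mysql`, PDO quotes and splices the bound values on the client and sends one statement, so the cost is the same as a `query()` while the binding discipline is kept.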

