dsa4214 2012-06-25 19:11
浏览 27
已采纳

本地准备的陈述:它们是如此有限?

An informative-sounding blog post from 2006 states these facts about using native prepared statements in PDO:

  1. Native prepared statements cannot take advantage of the query cache, resulting in lower performance.
  2. Native prepared statements cannot execute certains types of queries, such as "SHOW TABLES".
  3. Native prepared statements don't correctly communicate column lengths for certain other "SHOW" queries, resulting in garbled results.

How much of this is still true today?

  • 写回答

2条回答 默认 最新

  • douzhenchun6782 2012-06-25 19:24
    关注

    No, this is not true if you are using a recent MySQL version. At least to the most part.

    1. Prepared statements make use of the query cache since MySQL 5.1.17.

    2. Nearly all SQL statements can be run as prepared statements. You can find a list in the MySQL docs. SHOW TABLES in particular is not in that list, but in all honestly, have you ever used that SQL statement from PHP?

    3. I don't know anything about that, but I'd assume that it is fixed.

    Don't forget that the emulation of prepared statements is not encoding-safe and as such may (depending on the exact condition) still allow SQL injections.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 slaris 系统断电后,重新开机后一直自动重启
  • ¥15 51寻迹小车定点寻迹
  • ¥15 谁能帮我看看这拒稿理由啥意思啊阿啊
  • ¥15 关于vue2中methods使用call修改this指向的问题
  • ¥15 idea自动补全键位冲突
  • ¥15 请教一下写代码,代码好难
  • ¥15 iis10中如何阻止别人网站重定向到我的网站
  • ¥15 滑块验证码移动速度不一致问题
  • ¥15 Utunbu中vscode下cern root工作台中写的程序root的头文件无法包含
  • ¥15 麒麟V10桌面版SP1如何配置bonding