On 27/02/2021 15:51, Pierre wrote:
Yes, but PDOStatement::execute() explicitly documents that it can be used only for prepared queries.


The same is true of bindParam and bindValue - the only way of using parameters is to first "prepare" a query. Whether that's a real prepare (on the database server) or an emulated prepare doesn't make any difference, as far as I know.


I'm not sure it requires two round trips when you use prepare() along with emulated prepare.


Indeed, that was my point: currently, the only way to avoid the extra round-trip is emulated prepares, which means you don't get the full security of parameterised queries.


It's sad PDO doesn't have a pg_query_params() equivalent method, most people would stop using prepare() if that was the case.


Agreed. :)

Although it would also require people to stop using the term "prepared query" to mean "parameterised query", which I see a lot.


Regards,

--
Rowan Tommins
[IMSoP]

--
PHP Internals - PHP Runtime Development Mailing List