2009/7/12 Eddie Drapkin <oorza...@gmail.com>:
> No offense or anything, but all of this work you've done is
> immediately mode obsolete the second you switch to prepared
> statements.  They're easier to use and more secure, as well as making
> code more readable.  I don't understand why it's so hard for them to
> catch on among PHP developers when they're so popular in other
> languages.

They are also a *lot* slower for statements you're only going to
execute once as they involve two round trips to the DB server instead
of one. If your DB is local and not very heavily loaded then you
probably won't notice this, but for those of us working on sites with
substantial traffic they can kill site performance dead if applied

Prepared statements have their uses, but they are not universally
applicable, which is something that the MySQL documentation also
clearly states.

As far as security goes prepared statements offer nothing more than a
reasonable and, IMHO, necessary amount of due diligence on the part of
the developer will also achieve.



PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to