Eddie Drapkin wrote:
Things I have used prepared statements for:
1. SELECT
2. UPDATE
3. INSERT
4. DELETE
5. Stored procedures
Things I am aware of that prepared statements are not capable of doing:
What have you read that prepared statements can't do? I've not heard
of anything, nor have I encountered anything, myself. And given that
I am prone to making errors, I like the fact that my work flow
prevents a mistake I make leading to an unnoticed vulnerability.
There was some stuff specified in the MySQL documentation.
I *think* for example selection data resulting from a union of two
tables with the AS TABLE modifier. I might be wrong about that.
It was nothing I frequently do.
I do have one really ugly query that does joins of one table and another
table that actually is a union of two tables - but that particular query
does not use any user provided data (it's part of my range map
generation script) so I don't use prepared statements with it anyway.
There's actually a bug in it (my huge query) though not significant, I'm
planning to just break it up into several smaller queries and use php to
do the hard work since that's easier to read and performance isn't an
issue (run by server twice a month to generate a png image, never run by
user).
But yeah - the stuff in the documentation where prepared statements
don't work is pretty obscure stuff.
I believe MDB2 simulates prepared statements for databases without
native prepared statements anyway.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
