On 05/20/2013 10:27 AM, Charles Curley wrote:
> I can see the elegance of prepared statements when you are planning on
> re-using the statement with different parameters, say in order to stuff
> a table for the first time.
Methinks you missed the point of prepared statements.
> Is it all that useful in a web application, where usually you use a
> statement once per execution of a given page and its backing script.
> For example, I have an intake page for one bill. So to process the
> bill, I look to see if there is already an entry for it. If there is, I
> update it; if not I insert the bill. Each of those statements gets run
> no more than one time in the script. Is it worth it to prepare a
> statement for each of those?
This is the place where it is most useful. Consider which is more safe:
printf(message);
or
printf("%s", message);
The same reason you always use the latter version of printf in C is the
reason you should always use prepared statements when taking input from
untrusted sources. Always.
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
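The reply's point is the printf analogy: with concatenation the input becomes part of the SQL text, with a prepared statement it is bound as a value. The following added example (not from the list thread) works the intake-page scenario through in Python with the standard-library sqlite3 module: a look-up done both ways against a constructed `bills` table, then the update-or-insert flow done only with bound parameters. The table, the rows and the `process_bill`/`lookup_*` function names are all constructed for illustration.

```python
import sqlite3

# Constructed sample data standing in for the intake page's bills table.
SAMPLE_BILLS = [
    ("2013-05-A17", "Power Co", 84.20),
    ("2013-05-B03", "Water Dept", 31.75),
]


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE bills (bill_id TEXT PRIMARY KEY, vendor TEXT, amount REAL)"
    )
    conn.executemany("INSERT INTO bills VALUES (?, ?, ?)", SAMPLE_BILLS)
    conn.commit()
    return conn


def lookup_concatenated(conn, bill_id):
    """The printf(message) shape: the input is spliced into the SQL text."""
    sql = "SELECT bill_id FROM bills WHERE bill_id = '%s'" % bill_id
    return [row[0] for row in conn.execute(sql)]


def lookup_prepared(conn, bill_id):
    """The printf("%s", message) shape: the input is bound as a parameter."""
    sql = "SELECT bill_id FROM bills WHERE bill_id = ?"
    return [row[0] for row in conn.execute(sql, (bill_id,))]


def process_bill(conn, bill_id, vendor, amount):
    """Update the bill if it already exists, otherwise insert it.

    Every statement runs once per call, exactly as in the intake page,
    and every one of them binds its values rather than building SQL text.
    Returns "updated" or "inserted".
    """
    if lookup_prepared(conn, bill_id):
        conn.execute(
            "UPDATE bills SET vendor = ?, amount = ? WHERE bill_id = ?",
            (vendor, amount, bill_id),
        )
        action = "updated"
    else:
        conn.execute(
            "INSERT INTO bills (bill_id, vendor, amount) VALUES (?, ?, ?)",
            (bill_id, vendor, amount),
        )
        action = "inserted"
    conn.commit()
    return action


def demo():
    """Run both look-ups on a constructed malformed bill id, then the upsert flow."""
    conn = make_db()
    # Constructed malformed input: a quote character followed by a tautology.
    odd_id = "x' OR '1'='1"
    results = {
        # Concatenation lets the quote end the literal: the WHERE clause
        # becomes a tautology and every row comes back.
        "concatenated": lookup_concatenated(conn, odd_id),
        # Binding keeps the whole string as one value: no row has that id.
        "prepared": lookup_prepared(conn, odd_id),
        "first_pass": process_bill(conn, "2013-05-C09", "Gas Co", 57.10),
        "second_pass": process_bill(conn, "2013-05-C09", "Gas Co", 59.99),
        # The odd string is stored verbatim as a bill id, nothing more.
        "odd_id_stored": process_bill(conn, odd_id, "Odd Vendor", 1.0),
    }
    results["odd_id_lookup"] = lookup_prepared(conn, odd_id)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The statements in `process_bill` are each executed once per call, which is the situation the question asked about; the benefit here is not reuse but the fact that the database never parses user input as SQL.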