Kerry Jones
Reputation: 21838
MySQLi - Should every statement be prepared?
I know its supposed to improve performance and clean strings, but lets say there are no variables?
Might just be a
SELECT COUNT( `column` ) AS count FROM `table`
- Should that be prepared?
- Is there any case that a
SELECTstatement should not be prepared?
Upvotes: 2
Views: 275
Answers (2)
ZZ Coder
Reputation: 75456
A general rule: If the query contains user input, it should be prepared. Otherwise, you don't have to. Your example doesn't need to be prepared.
Upvotes: 4
Powerlord
Reputation: 88796
As a general rule, you should prepare statements that take variables from somewhere else. Usually this includes INSERT and UPDATE statements, SELECTs and DELETEs with WHERE clauses, and stored procedure calls with arguments.
Upvotes: 7
Related Questions
- Is using prepared statements necessary?
- Is it necessary to Initialize a statement using MySQLi and PHP Prepared Statements
- PHP- MySQLI prepare statements
- mysqli and prepared statements
- PHP MySQLi prepared statement - should I include all the fields?
- Is it really nesseccary to PREPARE statements with PHP's mysqli?
- Inserting data with MySQLi - Should I use prepared statements?
- PHP & mySQLi: Do I still need to check user input when using prepare statements?
- question about mysqli prepare
- prepare() vs query() mysqli