Reputation: 370
Which parameters should I declare as sql placeholders?
Should I use a placeholder for every parameter even if it a parameter is always same? And how about nulls? Should I use placeholders for them also?
I'm interested in avoiding preparing and enable caching of the query. I'm using mysql, php and pdo but I think this is the same also with other databases. Security is not a deal because the parameters in the question are hard coded.
Case 1: Should I use a placeholder for visibility or is hard coded value 1 better? select * from table where visibility=1 and product=:id
Case 2: Should I use a placeholder for null? (and is it the same for both cases?) select * from t1 where color is null update t1 set color=null where product=:id
Upvotes: 0
Views: 320
Answers (1)
Reputation: 157839
if parameters are hardcoded, there is no use for the placeholders at all.
Query caching is enabled by mysql by default, so, you have no worry about it.
So, if there are really no dynamically changed parameters, there is no use in preparing and executing. Just use PDO query method.
However, the question from your title, Which parameters should I declare as sql placeholders? is muhch more interesting.
in terms of that clumsy PDO library, you have to use placeholders for data only. but in terms of creating SQL queries dynamically, you have to use appropriate placeholders for every variable part of query.
Upvotes: 1
Related Questions
- Should prepared statement ever be used without placeholders
- PDO prepared statement with optional parameters
- Error when using placeholder in prepared statement
- How to run a PDO prepared statement (with named placeholders) in phpmyadmin?
- PDO not binding placeholders
- Optional parameter in prepared query
- Prepared Statements - Should I use php prepared statements even in queries without (?) placeholders?
- PDO prepared statement with placeholder not work
- Which tokens can be parameterized in PDO prepared statements?
- PHP PDO::prepare() - SQL Error with placeholders