CHAPTER 6 – Mysql – Prepared Statements
One of the major advantages of the mysqli extension over the older mysql extension is its support for prepared statements. Prepared statements let developers write queries that are more secure, perform better when the same statement is executed repeatedly, and are more convenient to write. There are two kinds of prepared statement: one that executes data manipulation statements (INSERT, UPDATE, DELETE) and one that executes data retrieval statements (SELECT). Prepared statements allow you to bind PHP variables directly, both to the input parameters of the query and to the output columns of its result.

Creating a prepared statement is simple. A query template, in which a ? placeholder stands in for each value that will be supplied later, is sent to the MySQL server. The server parses the template to ensure that it is well-formed, resolves the tables and columns it references to ensure that it is meaningful, and stores the parsed statement in a special buffer. It then returns a handle that is later used to reference the prepared statement. When the statement is executed, only the parameter values are sent, separately from the query text, so a value can never alter the structure of the statement that was prepared. This separation is what makes prepared statements resistant to SQL injection. Note that placeholders stand in for values only: a table name, column name, or keyword cannot be bound, and input destined for those positions must still be checked against a fixed list of permitted names.
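The following is an added example, not code from the book, showing both kinds of prepared statement with mysqli: a data manipulation statement with bound input parameters, and a data retrieval statement with bound output columns, executed twice through the same handle. It assumes a MySQL database named appdb reachable on localhost with user app and password secret, and a table users(id INT AUTO_INCREMENT PRIMARY KEY, username VARCHAR(64), email VARCHAR(255)); all of these names are assumptions for the example. The injection string assigned to $username is constructed input to show that a bound value is treated as data only.

```php
<?php
// Added example (not from the book). Assumed: database appdb on localhost,
// user app / password secret, and a table
//   users(id INT AUTO_INCREMENT PRIMARY KEY, username VARCHAR(64), email VARCHAR(255)).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw exceptions on errors

$db = new mysqli('localhost', 'app', 'secret', 'appdb');
$db->set_charset('utf8mb4'); // make the connection charset explicit

// Constructed attacker input. Concatenated into a query string it would close
// the quoted literal and append a condition; as a bound parameter it is data.
$username = "admin' OR '1'='1";
$email    = 'attacker@example.com';

// UNSAFE, shown only for contrast (never run it): the value becomes part of the SQL text.
// $db->query("SELECT id FROM users WHERE username = '" . $username . "'");

// 1. Data manipulation statement. The template is sent once and parsed once;
//    bind_param attaches the PHP variables by reference, and execute sends their
//    current values to the server separately from the query text.
$ins = $db->prepare('INSERT INTO users (username, email) VALUES (?, ?)');
$ins->bind_param('ss', $username, $email); // one type character per placeholder
$ins->execute();
printf("inserted id %d, affected rows %d\n", $db->insert_id, $ins->affected_rows);

// Re-use the same statement handle with new values: no second prepare round trip.
$username = 'bob';
$email    = 'bob@example.com';
$ins->execute();
printf("inserted id %d\n", $db->insert_id);
$ins->close();

// 2. Data retrieval statement. bind_result maps each selected column to a PHP
//    variable that fetch() fills in row by row.
$sel = $db->prepare('SELECT id, username, email FROM users WHERE username = ?');
$sel->bind_param('s', $lookup);
$sel->bind_result($id, $foundUser, $foundEmail);

foreach (["admin' OR '1'='1", 'bob'] as $lookup) {
    // Because $lookup is bound by reference, changing it before execute is enough.
    $sel->execute();
    $rows = 0;
    while ($sel->fetch()) {
        $rows++;
        printf("  match: id=%d username=%s email=%s\n", $id, $foundUser, $foundEmail);
    }
    // The injection string matches only the row whose username is literally that
    // string; it does not turn into an always-true WHERE clause.
    printf("lookup %s returned %d row(s)\n", var_export($lookup, true), $rows);
}
$sel->close();
$db->close();
```

mysqli prepares statements on the server, so the behaviour above is exactly the protocol-level separation described in the text. This is worth knowing because PDO's MySQL driver emulates prepared statements client-side unless PDO::ATTR_EMULATE_PREPARES is set to false; the emulated form still quotes values safely when the connection charset is set correctly, but it does not give the server-side parse-once, execute-many behaviour.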