Even now, I constantly see developers using the ancient “mysql_connect” methods when querying their databases. How come, when there are so many better solutions? In this week’s 40-minute video tutorial, we’ll learn how to create, read, update, and delete records using MySQL improved and prepared statements. Join Today!
After this 40-minute video tutorial, you'll be a "prepared statement" master capable of creating, reading, updating, and deleting records quickly and, most importantly, securely! The source code is neatly divided into subsets so that you may easily copy and paste the code into your own projects.
Why Use Prepared Statements
- The query only needs to be parsed (or prepared) once, but can be executed multiple times with the same or different parameters. When a query is prepared, the database will analyze, compile and optimize it's plan for executing the query.
- Prepared statements use fewer resources and thus run faster.
- The parameters to prepared statements don't need to be quoted; the driver handles it for you. If your application exclusively uses prepared statements, you can be sure that no SQL injection will occur. (However, if you're still building up other parts of the query based on untrusted input, you're still at risk).
...in other words... faster, smarter, and safer!