Do I need to prepare a statement, even if I know the type of the parameters?

If the parameter is an integer and does not come from user input, i.e. it is a variable that I set myself as $type = 5;, do I still need to make a placeholder for it, as well as for the parameters coming from user input (WHERE type = ?)? Are there any benefits to this?

+3
2 answers

It is a good idea to parameterize wherever possible, for security reasons, but you do not need to. Parameterized queries are also much more beneficial for query cache effects, although it can be seen that the performance efficiency depends on your scenario.

SQL ; , , . , .

+3
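An added example (not code from the question or the answer) that contrasts the three options discussed: interpolating a code-controlled integer as a literal, binding it with a placeholder, and mixing a constant literal with a bound user value. It uses Python's sqlite3 module instead of the PHP from the question; the table and rows are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory table with three rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, type INTEGER, name TEXT)")
    conn.executemany(
        "INSERT INTO items (type, name) VALUES (?, ?)",
        [(5, "hammer"), (5, "saw"), (7, "glue")],
    )
    return conn


def count_literal(conn, type_value):
    """The $type = 5 case: the value is written into the SQL text.

    This is only acceptable while the value is guaranteed to be an int that
    the code itself sets; the guard makes that contract explicit. Note that the
    query text now changes with every distinct value, so each one is a
    separate statement for the driver or server to parse and plan.
    """
    if type(type_value) is not int:
        raise TypeError("interpolation into SQL is only acceptable for a code-controlled int")
    sql = f"SELECT COUNT(*) FROM items WHERE type = {type_value}"
    return conn.execute(sql).fetchone()[0]


def count_bound(conn, type_value):
    """Placeholder for the same value: query text is identical on every call,
    so the driver can reuse the prepared statement, and whatever is bound is
    treated as data, never as SQL."""
    sql = "SELECT COUNT(*) FROM items WHERE type = ?"
    return conn.execute(sql, (type_value,)).fetchone()[0]


def count_mixed(conn, name):
    """Constant from code as a literal, user-supplied value bound.

    This is the hybrid the question asks about: correct as long as the literal
    really is a constant, though binding both keeps the rule simple."""
    sql = "SELECT COUNT(*) FROM items WHERE type = 5 AND name = ?"
    return conn.execute(sql, (name,)).fetchone()[0]


def demo():
    conn = make_db()
    results = {
        # both forms give the same answer for the trusted integer
        "literal_int": count_literal(conn, 5),
        "bound_int": count_bound(conn, 5),
        # bound text is compared as a value: SQLite's INTEGER column affinity
        # cannot turn this string into a number, so it matches nothing
        "bound_text_is_data": count_bound(conn, "5 OR type = 7"),
        # a numeric-looking string is converted by the same affinity rule
        "bound_numeric_text": count_bound(conn, "5"),
        "mixed": count_mixed(conn, "saw"),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `bound_*` cases are where the answer's "for security reasons" comes from: the bound string can only ever be compared against the column, never parsed as part of the statement. The cache point is visible in `count_bound` too; Python's sqlite3 keeps a per-connection statement cache keyed on the SQL text, so the placeholder form hits it on every call while the literal form produces a new text for each distinct value.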

. , - . , sql

+1
