2009/7/12 Eddie Drapkin <oorza2k5@xxxxxxxxx>:
> No offense or anything, but all of this work you've done is
> immediately made obsolete the second you switch to prepared
> statements. They're easier to use and more secure, as well as making
> code more readable. I don't understand why it's so hard for them to
> catch on among PHP developers when they're so popular in other
> languages.

They are also a *lot* slower for statements you're only going to execute once as they involve two round trips to the DB server instead of one. If your DB is local and not very heavily loaded then you probably won't notice this, but for those of us working on sites with substantial traffic they can kill site performance dead if applied unconditionally. Prepared statements have their uses, but they are not universally applicable, which is something that the MySQL documentation also clearly states.

As far as security goes prepared statements offer nothing more than a reasonable and, IMHO, necessary amount of due diligence on the part of the developer will also achieve.

-Stuart

-- 
http://stut.net/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
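The two approaches the reply contrasts, side by side in PDO, as an added example that is not part of the original thread or the PHP project: a native server-side prepared statement (two round trips), the same query built with explicit escaping in one round trip, and PDO's client-side emulated prepare. It assumes a MySQL server reachable over PDO and a constructed `users(id, email)` table; the DSN and credentials are placeholders.

```php
<?php
// Added example (not from the thread). Assumes a MySQL server reachable
// via PDO and a constructed table users(id INT, email VARCHAR(255)).
// The charset is set on the connection on purpose: escaping and quoting
// are only correct for the charset the connection is actually using.
$pdo = new PDO(
    'mysql:host=127.0.0.1;dbname=app;charset=utf8mb4',
    'app_user',        // placeholder
    'app_password',    // placeholder
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);

// Constructed input: a legitimate address containing a quote character,
// which naive string concatenation would turn into a syntax error.
$email = $_GET['email'] ?? "o'brien@example.com";

// 1. Native (server-side) prepared statement. PREPARE and EXECUTE are
//    separate round trips to the server: the cost the reply describes
//    for a statement that is only ever run once.
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$stmt = $pdo->prepare('SELECT id FROM users WHERE email = ?');
$stmt->execute([$email]);
$nativeRows = $stmt->fetchAll(PDO::FETCH_ASSOC);

// 2. Single round trip with explicit escaping: the "due diligence"
//    alternative. PDO::quote() escapes the value AND wraps it in quotes,
//    so it may only be placed where a quoted string literal is valid.
$sql = 'SELECT id FROM users WHERE email = ' . $pdo->quote($email);
$escapedRows = $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);

// 3. Emulated prepare (PDO_MYSQL's default setting): PDO escapes and
//    interpolates the value client-side and sends one query, so the
//    placeholder syntax is kept without the second round trip.
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, true);
$stmt = $pdo->prepare('SELECT id FROM users WHERE email = ?');
$stmt->execute([$email]);
$emulatedRows = $stmt->fetchAll(PDO::FETCH_ASSOC);

// In all three forms the value reaches the server as data, never as
// SQL syntax, so the three result sets are the same rows.
var_dump($nativeRows === $escapedRows && $escapedRows === $emulatedRows);
```

Option 3 is the one to reach for when the placeholder style is wanted but the extra round trip is not; the escaping in option 2 is only safe when every interpolated value goes through `quote()` (or the equivalent per-type handling) and the connection charset is set as shown.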