Why use prepared statements in PHP with MySQL

  1. Prepared statements are very useful against SQL injection, because parameter values, which are transmitted later using a different protocol, need not be correctly escaped. If the original statement template is not derived from external input, SQL injection cannot occur.
  2. Bound parameters minimize bandwidth to the server, as you need to send only the parameters each time and not the whole query.
  3. Prepared statements reduce parsing time, as the preparation of the query is done only once (although the statement is executed multiple times).
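
The points above, as an added example that is not from the original page: the same hostile input is run through a concatenated query and through a prepared statement, and one prepared statement is reused for several inserts. The `users` table, its columns and the sample input are constructed for illustration, and an in-memory SQLite database stands in for MySQL so the script runs without a server.

```php
<?php
// Added example. In-memory SQLite stands in for MySQL so this runs offline.
// Against MySQL, pass a "mysql:host=...;dbname=..." DSN (placeholder) and set
// PDO::ATTR_EMULATE_PREPARES to false so the server itself prepares the statement.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Hypothetical table used only for this demonstration.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');

// Points 2 and 3: the statement is prepared once and executed many times;
// only the parameter values differ between executions.
$insert = $pdo->prepare('INSERT INTO users (name, role) VALUES (:name, :role)');
foreach ([['alice', 'admin'], ['bob', 'user'], ['carol', 'user']] as [$name, $role]) {
    $insert->execute([':name' => $name, ':role' => $role]);
}

// Constructed external input containing a quote character.
$input = "nobody' OR '1'='1";

// Vulnerable form: the input becomes part of the statement text, so its
// quote ends the string literal and the rest is parsed as SQL.
$unsafeSql = "SELECT name FROM users WHERE name = '" . $input . "'";
$unsafeRows = $pdo->query($unsafeSql)->fetchAll(PDO::FETCH_COLUMN);

// Point 1: the template is a fixed string and the input is bound as data,
// so it is only ever compared against the name column as a literal value.
$select = $pdo->prepare('SELECT name FROM users WHERE name = :name');
$select->execute([':name' => $input]);
$safeRows = $select->fetchAll(PDO::FETCH_COLUMN);

printf("concatenated query matched %d row(s)\n", count($unsafeRows));
printf("prepared statement matched %d row(s)\n", count($safeRows));

// The same prepared statement is reused for a legitimate lookup.
$select->execute([':name' => 'bob']);
printf("lookup for bob matched %d row(s)\n", count($select->fetchAll(PDO::FETCH_COLUMN)));
```

Placeholders bind values only. Table and column names cannot be bound, so any identifier that depends on user input has to be checked against a fixed allow-list before it goes into the template.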
