What does PDO Prepare do when we use it?

Asked

Viewed 179 times

0

What exactly prepares it does?

For example, does it encrypt, or something like that? Because, to be honest, I use the method, but I never really understood its use.

<html>
<head></head>
<body>
    <?php
        $a = new PDO(); //Imaginem que minhas infos estão aqui
        $query = "SELECT * FROM tableusers";
        $a->prepare($query);
        $a->execute();
    ?>
</body>
</html>

In the case there, without using the prepare would work the same way. Or not? It performs what "under the cloths"?

php pdo prepared-statement

1 answer

3


According to the PHP documentation on php.net

Calling PDO :: prepare() and Pdostatement :: execute() for instructions that will be issued several times with different parameter values optimizes the performance of your application, allowing the driver to trade the client’s cache and / or server’s query plan and meta information and helps prevent SQL injection attacks by eliminating the need to manually cite the parameters.

It helps prevent SQL injection by separating the command from the parameters, treating the user-informed parameters as plain text.

Read more on: http://php.net/manual/en/pdo.prepare.php

Browser other questions tagged php pdo prepared-statement

You are not signed in. Login or sign up in order to post.