Posted by ojorus on 10/23/06 08:19

Thanks a lot for a very informative article. I found it very useful!

ojorus.

<mmckeon@gmail.com> skrev i melding
news:1161350331.086579.156720@h48g2000cwc.googlegroups.com...
> I've been using the mysqli extension for some time now. There are
> things I like about it and things that I don't like about it. But
> first, about perpared statements. All they do is take some of the load
> off of your database and move it to your web server. Prepared
> statements "compile" the query before sending it off to the database to
> run. Whether or not they will provide a performance increase on a
> single query I think is hard to say. That depends on the load of your
> DB and the load of your web server. If these boxes are one and the same
> then I don't think you would notice any difference.
>
> That being said, the idea of a prepared statement is much better than
> just using string concatentation to build your queries. When I say
> better I mean safer and increased data integrity. Parameter's can only
> be put in predefined places, like the "where ID = ?". In addition when
> you bind your parameters you specify the type of data that you are
> using in each respective field. So if you try to put a string in a int
> field, the bind will not work.
>
> Some disadvantages I've found is with prepared statements are error
> reporting. Errors in your queries don't appear all that often when you
> call prepare(). While the function will return false, it won't always
> give you any indication as to why it was false. Also, when you are
> binding your results you must know the number of columns that your db
> is going to return. So using "Select *" can be a bad idea because if
> you add a DB column later, the number of columns will change and
> bind_result() will fail because you haven't bound all the columns to
> something. While this can be annoying, the right way to query your db
> (especially if you are trying to optimize your db) is to only return
> the columns that you need. This forces you to be a little more honest
> when you are programming.
>
> As for using mysqli, I would say there are no disadvantages. I don't
> even remember what the regular mysql function set looks like anymore.
> On nice thing about mysqli is the ability to start, commit and rollback
> transactions without having to send a string to the database.
>
> Lastly, if you are looking for a different DB connecter you might want
> to look into PDO (PHP Data Objects) with offers a database abstraction
> layer, prepared statements, exceptions and many more. More info can be
> found here: http://us2.php.net/pdo
>
>
> ojorus wrote:
>> Hi!
>> Some questions regarding the mysqli-extension (php5)
>>
>> 1) Prepared statements: If I understand things right, prepared statements
>> will give better performance if you make several similar querys. (where
>> you
>> only change the parameters) But what if you do only ONE query; will it
>> then
>> be usefull to use prepared statements? Can it actuelly give better
>> performance NOT to use prepared statements in that case?
>>
>> 2) Are there any DISadvantages using the mysqli-extensions?
>>
>> 3) Are there any DISadvantages using prepared statements in general?
>>
>> Thanks for your replies.
>>
>> ojorus
>

[Back to original message]