prepared statements with mysqli-extension

Hi!
Some questions regarding the mysqli-extension (php5)

1) Prepared statements: If I understand things right, prepared statements
will give better performance if you make several similar queries (where you
only change the parameters). But what if you do only ONE query; will it then
be useful to use prepared statements? Can it actually give better
performance NOT to use prepared statements in that case?

2) Are there any DISadvantages using the mysqli-extensions?

3) Are there any DISadvantages using prepared statements in general?

Thanks for your replies.

ojorus
Oct 19 '06 #1
I've been using the mysqli extension for some time now. There are
things I like about it and things that I don't like about it. But
first, about prepared statements. All they do is take some of the load
off of your database and move it to your web server. Prepared
statements "compile" the query before sending it off to the database to
run. Whether or not they will provide a performance increase on a
single query I think is hard to say. That depends on the load of your
DB and the load of your web server. If these boxes are one and the same
then I don't think you would notice any difference.

That being said, the idea of a prepared statement is much better than
just using string concatenation to build your queries. When I say
better I mean safer and increased data integrity. Parameters can only
be put in predefined places, like the "where ID = ?". In addition when
you bind your parameters you specify the type of data that you are
using in each respective field. So if you try to put a string in an int
field, the bind will not work.

Some disadvantages I've found with prepared statements are error
reporting. Errors in your queries don't appear all that often when you
call prepare(). While the function will return false, it won't always
give you any indication as to why it was false. Also, when you are
binding your results you must know the number of columns that your db
is going to return. So using "Select *" can be a bad idea because if
you add a DB column later, the number of columns will change and
bind_result() will fail because you haven't bound all the columns to
something. While this can be annoying, the right way to query your db
(especially if you are trying to optimize your db) is to only return
the columns that you need. This forces you to be a little more honest
when you are programming.

As for using mysqli, I would say there are no disadvantages. I don't
even remember what the regular mysql function set looks like anymore.
One nice thing about mysqli is the ability to start, commit and rollback
transactions without having to send a string to the database.

Lastly, if you are looking for a different DB connector you might want
to look into PDO (PHP Data Objects) which offers a database abstraction
layer, prepared statements, exceptions and many more. More info can be
found here: http://us2.php.net/pdo
Oct 20 '06 #2
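
The points raised in the reply above (placeholders in fixed positions, typed binding, prepare() failing without an explanation, and bind_result() needing a known column count), shown as an added example that is not part of the original posts. The connection details and the `users(id, name, email)` table are assumptions, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example, not from the thread. Host, credentials, database name and
// the users(id, name, email) table are assumptions.

// Have mysqli throw mysqli_sql_exception on failure, so a failed prepare()
// carries the server's error message instead of only returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function find_user(mysqli $db, $rawId): ?array
{
    // Validate the input before binding it as an integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }

    // Name the columns explicitly: bind_result() needs one variable per
    // selected column, so "SELECT *" breaks when a column is added later.
    $stmt = $db->prepare('SELECT id, name, email FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);   // 'i' = integer; the value is sent as data
    $stmt->execute();
    $stmt->bind_result($uid, $name, $email);

    // fetch() returns true for a row, null when there are no more rows.
    $row = $stmt->fetch()
        ? ['id' => $uid, 'name' => $name, 'email' => $email]
        : null;
    $stmt->close();
    return $row;
}

try {
    // Assumed connection parameters.
    $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
    $db->set_charset('utf8mb4');

    // The id would normally come from request input such as $_GET['id'].
    var_dump(find_user($db, '42'));
} catch (InvalidArgumentException $e) {
    error_log('Rejected input: ' . $e->getMessage());
} catch (mysqli_sql_exception $e) {
    // Log the detail server-side; do not echo SQL errors to the client.
    error_log('DB error ' . $e->getCode() . ': ' . $e->getMessage());
}
```

With `mysqli_report()` set this way, a typo in the SQL surfaces at `prepare()` as an exception with the server's message, which is the diagnostic the reply says is otherwise missing.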
Thanks a lot for a very informative article. I found it very useful!

ojorus.


Oct 23 '06 #3
