[ciapug] On or Off ...

Carl Olsen carl-olsen at mchsi.com
Fri Aug 12 18:23:44 CDT 2005


As you can see from the example I just sent, I'm using mysqli without the
prepared statements and I'm using the database abstraction layer to escape
the arguments.  What am I going to gain by switching to prepared statements?

I can see the code might be fewer lines, but I'm also wondering about
performance.  Am I going to realize an improvement in performance?

Thanks for your help!

Carl
http://www.carl-olsen.com/


-----Original Message-----
From: Tony Bibbs [mailto:tony at tonybibbs.com] 
Sent: Friday, August 12, 2005 2:05 PM
To: carl-olsen at mchsi.com; ciapug at cialug.org
Subject: Re: [ciapug] On or Off ...

Are you talking about cleaning it as far as escaping arguments to your 
prepared statements?  If so, 4.1.x should be doing it on the server for 
you.  Older ones would have to be done by your database abstraction layer.

I think it's safe to black-box that much of it.  As long as you are 
using prepared statements you are safe(r).

--Tony

Carl Olsen wrote:
> It is unclear to me where the actual "cleaning" of the data in MySQL,
> Improved (mysqli) is occurring.  Is it being emulated in code, or is it
> actually running inside the MySQL server (4.1.2 and higher - I'm on 4.1.13a
> right now)?
> 
> Carl
> 
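
Added example, not part of either message: the two approaches discussed in this thread side by side in mysqli, escaping in client code versus a prepared statement whose values are sent to the server separately from the SQL text and which is prepared once and executed repeatedly. The DB_* environment variables, the `users` table and the sample names are assumptions made for the illustration.

```php
<?php
// Added illustration, not code from the thread. Assumptions: a reachable MySQL
// server, credentials in DB_* environment variables, hypothetical `users` table.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), getenv('DB_NAME'));
$db->set_charset('utf8mb4'); // real_escape_string() depends on the connection charset
$db->query('CREATE TEMPORARY TABLE users (id INT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(64))');

// Constructed sample input, including values with a quote and a backslash.
$names = ['Carl', "O'Brien", 'back\\slash'];

// Prepared once, executed once per row: only the bound value changes.
$insert = $db->prepare('INSERT INTO users (name) VALUES (?)');
$insert->bind_param('s', $name);            // $name is bound by reference
foreach ($names as $name) {
    $insert->execute();
}
$insert->close();

// Approach 1: escape in client code, then build the SQL string by hand.
// Safe only if every value is escaped AND placed inside quotes.
function find_by_name_escaped(mysqli $db, string $name): array {
    $sql = "SELECT id, name FROM users WHERE name = '" . $db->real_escape_string($name) . "'";
    $rows = [];
    $res = $db->query($sql);
    while ($row = $res->fetch_assoc()) {
        $rows[] = $row;
    }
    return $rows;
}

// Approach 2: prepared statement. The SQL text contains only a placeholder;
// the value is never spliced into the SQL string, so no escaping is needed.
function find_by_name_prepared(mysqli $db, string $name): array {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $stmt->bind_result($id, $found);
    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = ['id' => $id, 'name' => $found];
    }
    $stmt->close();
    return $rows;
}

foreach ($names as $n) {
    printf("%-12s escaped=%d prepared=%d\n", $n,
        count(find_by_name_escaped($db, $n)), count(find_by_name_prepared($db, $n)));
}
```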



