| From: | Richard Huxton <dev(at)archonet(dot)com> |
|---|---|
| To: | Denis Gasparin <denis(at)edistar(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Prepared queries vs Non-prepared |
| Date: | 2007-03-28 08:50:09 |
| Message-ID: | 460A2C41.6060307@archonet.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Denis Gasparin wrote:
> Hi!
> I am testing the PHP PDO library versus the old style PHP postgres
> functions.
>
> I noted that PDO library declare and prepare every statement. I mean:
>
> $s = $db->query("select * from test where field=1");
>
> is equivalent to
>
> $s = $db->prepare("select * from test where field=?");
> $s->execute(array('1'));
> Speaking about postgresql performance...
> would not it be more efficient executing directly the query in the first
> case ($db->query) than
> preparing a statement without parameters and then executing it?
It almost certainly is faster, at least for very short queries that you
only run once. Hopefully if I run the same query twice in a row, the PDO
library doesn't prepare it twice.
However, the separate prepare/execute is a little safer since it's
harder for a user-supplied parameter to have the wrong type or do sql
injection.
--
Richard Huxton
Archonet Ltd
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sebastian Boehm | 2007-03-28 08:54:27 | performance of fixed length columns-only tables |
| Previous Message | Dmitry Koterov | 2007-03-28 08:40:22 | Re: Strange behaviour under heavy load |