When to use PDO::query?

Time: 2022-05-13 04:48:59

Much has been written about the benefits of using PDO::prepare, but little has been written on the benefits of using PDO::query. I believe PDO::query is created to serve a purpose and there ought to be some relative advantage of using this function over PDO::prepare.

I have a query that goes like this:

SELECT * from Table ORDER BY id DESC LIMIT 100;

This query contains no user input for escaping and no variables for repeated querying. Should I use PDO::query, go back to mysqli_query or stick to PDO::prepare in this case?

UPDATE: Further examination on the general query log shows this for both PDO::prepare and PDO::query:

22 Connect user@localhost on Database
22 Prepare SELECT * from Table ORDER BY id DESC LIMIT 100
22 Execute SELECT * from Table ORDER BY id DESC LIMIT 100
22 Close stmt   
22 Quit

I was expecting PDO::query to produce:

22 Connect user@localhost on Database
22 Query SELECT * from Table ORDER BY id DESC LIMIT 100
22 Quit

But this only happens, and to both, when setAttribute(PDO::ATTR_EMULATE_PREPARES, true). I am quite surprised at the result that I am getting. It seems that PDO::query generates prepared statements as well.
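
Added example (not part of the original question or answers): a short Python script that reads general query log lines in the trimmed layout quoted above and reports, per connection, whether statements arrived as Prepare/Execute or as a single Query. The function names and the second connection (id 23) are constructed for illustration; a real log file may carry extra columns such as timestamps, which this sketch does not handle.

```python
import re
from collections import defaultdict

# Constructed sample in the trimmed layout quoted in the question
# (connection id, command, argument). Connection 23 is made up to show
# the trace the question reports with PDO::ATTR_EMULATE_PREPARES = true.
SAMPLE_LOG = """\
22 Connect user@localhost on Database
22 Prepare SELECT * from Table ORDER BY id DESC LIMIT 100
22 Execute SELECT * from Table ORDER BY id DESC LIMIT 100
22 Close stmt
22 Quit
23 Connect user@localhost on Database
23 Query SELECT * from Table ORDER BY id DESC LIMIT 100
23 Quit
"""

COMMANDS = ("Connect", "Prepare", "Execute", "Close stmt", "Query", "Quit")
LINE_RE = re.compile(r"^\s*(\d+)\s+(%s)\b\s*(.*)$" % "|".join(COMMANDS))


def parse(log_text):
    """Group (command, argument) pairs by connection id; skip unparsable lines."""
    by_conn = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            by_conn[int(m.group(1))].append((m.group(2), m.group(3).strip()))
    return dict(by_conn)


def classify(log_text):
    """Label each connection by how its statements reached the server."""
    report = {}
    for conn, cmds in parse(log_text).items():
        names = [name for name, _ in cmds]
        prepared, direct = "Prepare" in names, "Query" in names
        if prepared and direct:
            mode = "mixed"
        elif prepared:
            mode = "server-side prepare"
        elif direct:
            mode = "direct query"
        else:
            mode = "no statements"
        # Count the commands the client sent on behalf of statements.
        sends = sum(names.count(c) for c in ("Prepare", "Execute", "Query"))
        report[conn] = {"mode": mode, "statement_commands": sends}
    return report


if __name__ == "__main__":
    for conn, info in classify(SAMPLE_LOG).items():
        print(conn, info)
```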

2 solutions

#1


2  

If you just need it once, then there's no point in creating a prepared statement (which unless emulated would result in two network transmissions to the database). Much less so when there are no variable parameters to be bound.

PDO::query is not about benefits. Its use comes with the absence of any. One-off queries don't benefit from the potential speed advantage of prepared statements.

#2


2  

I guess I have missed it completely. It states in the PHP manual for PDO::query that:

PDOStatement PDO::query ( string $statement )

Parameters

statement

The SQL statement to prepare and execute.

What this means is that the SQL statement is prepared even with PDO::query. Therefore there is absolutely no advantage to use PDO::query except saving a line or two on the PHP script. This is verified by the general query log shown in the question above.
