What is a client-side prepared statement?

5

I am starting to develop a page using PHP and, as I am still learning the language, I decided to find which module to use to connect to a MySQL database.

From this answer , I discovered that the mysql_* module has already been deprecated and contains several security issues . In the same answer it indicates the use of the mysqli_ * and the PDO , as I was in doubt was to compare the differences between the two .

This has made me even more confused because mysqli_* seems to offer much more support than PDO , however only PDO supports client-side prepared statements .

My question is what is the difference between server-side and client-side prepared statements? When to use one and when to use the other?

    
asked by anonymous 01.02.2014 / 15:12

1 answer

5

The PDO driver is an abstraction layer, and is not associated with any specific relational DB. This layer simulates prepared client-side statements in case the server does not support prepared statements.

The mysqli library is a specific layer for MySQL databases. Because MySQL databases support prepared server-side statements, there is no need to simulate them.

Briefly, use server-side prepared statements whenever possible. Client-side simulation is only useful when the server itself is not able to do so.

Use PDO whenever you want the extra abstraction layer - that is, if you do not want the code to be dependent on a specific DB - or, as referred to by @bfavaretto, you want to use named parameters.

    
01.02.2014 / 15:17