2

I'm discovering FlourishLib and I was looking at their fDatabase.php code to see how they handle sql queries, and I was really surprised to see that when you use MySQL, they disable prepared queries

$this->connection->setAttribute(PDO::MYSQL_ATTR_DIRECT_QUERY, 1);

(line 599)

Why did they do this?

I'm used to PDO.prepare & PDOStatement.execute, and I wonder why this choice.

halfer
  • 19,824
  • 17
  • 99
  • 186
Cyril N.
  • 38,875
  • 36
  • 142
  • 243

1 Answers1

1

For a very long time, MySQL server-side prepared statements were a theoretical performance hit and source of annoyance. This MySQL Performance Blog post from 2006 outlines most of the reasons. The ones to pay attention to concern the query cache and how prepared statements bypass it, extra round-trips for the prepare-params-execute cycle, and a stricter standard for what can and can't be used as a placeholder value.

Starting with MySQL 5.1.17, some but not all prepared statements can now use the query cache. The other minor concerns are still present.

It's worth knowing that there are two controls for how PDO does prepared statements. The other is called PDO::ATTR_EMULATE_PREPARES. See also: this not-quite-dupe question from earlier this year.

Community
  • 1
  • 1
Charles
  • 50,943
  • 13
  • 104
  • 142
  • But then, I tried to use fStatement for prepared statement, but it's not supported for MySQL, how can I do then? – Cyril N. Nov 06 '12 at 09:13
  • The library you are using uses PDO. PDO can do it's own placeholder substitution and emulate prepared statements, as noted above. – Charles Nov 06 '12 at 18:08
  • I know PDO can do that, but why Flourish disable the PDO functionalities, that's what I'm wondering! – Cyril N. Nov 06 '12 at 19:53
  • It's probably for one of the reasons I mentioned above. – Charles Nov 06 '12 at 20:42