0

I have been looking into prepared statement and how to use them but my question is when is it best to use them or use a mysqli statement. As I was read up on prepared statement someone stated that you should never use prepared statement for something like a login form as this is only a form you will use once per time you visit a website.

Is this true or is it best to use prepared statement all the time as it stops SQL injection?

user3907336
  • 31
  • 7
  • possible duplicate of [When \*not\* to use prepared statements?](http://stackoverflow.com/questions/535464/when-not-to-use-prepared-statements) – Dijkgraaf Jun 01 '15 at 22:19

1 Answers1

1

I think that is a good practice to use prepared statements always, it prevents some security risks and has some improvements related with performance. In the next link you can read a bit about prepared statements in java. Using prepared statements, Java Oficial

Cristian Arteaga
  • 450
  • 7
  • 11
  • could you please tell me with the pros and cons are of prepared statements but more on the cons as books and website dont really go into much detail about the cons of prepared statements – user3907336 Jun 01 '15 at 23:23