I have read several times that, by default, PDO does not use native prepared statements, but prefers to emulate them. To enable true prepared statements, you can add:
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
I have also read that this is the case for MySQL, but not for PostgreSQL.
The one place I really expected to read that was PHP’s web site, but I find no mention of it at all.
The closest I can find to that is from http://php.net/manual/en/pdo.prepare.php:
PDO will emulate prepared statements/bound parameters for drivers that do not natively support them, and can also rewrite named or question mark style parameter markers to something more appropriate, if the driver supports one style but not the other.
In http://www.php.net/manual/en/ref.pdo-mysql.php it says:
PDO_MYSQL will take advantage of native prepared statement support present in MySQL 4.1 and higher. If you're using an older version of the mysql client libraries, PDO will emulate them for you.
Personally, I prefer to use true prepared statements, so that’s easy enough to fix, especially in 2017 where database support is pretty good.
The question is: Where is it documented that PDO defaults to emulated prepares? Also, does this apply to all databases or some?
Note: There is an existing question at Does PDO always use emulated prepared statements by default?. This is not a duplicate (I have already read that one):
- The question is 5 years old
- The links are dead
- There is some dissent in the comments.
That question does not tell me where this is actually documented.
