
Ask HN: SQL; to prepare or not to prepare, is this blog correct? - xupybd
I just ran into this blog post https://joshduff.com/2011-05-10-why-you-should-not-be-using-mysqli-prepare.md

This goes against everything I've been taught. I've always thought you should always use prepared statements for security. While it's possible to make sure you escape well, you're best to rely on prepared statements doing that for you.

But is this guy correct? Is the performance hit a big enough problem?
======
tenken
I wouldn't trust anything written in 2011, I'd research newer analysis before
coming to an opinion.

There are many details to cover such as emulated prepares, or not emulated
prepares -- for some examples of more recent opinions on the matter:

[https://stackoverflow.com/q/10113562/1491507](https://stackoverflow.com/q/10113562/1491507)

------
borplk
It's garbage, ignore the post.

