12-31-2012, 04:41 AM
Village Genius

The beauty of prepared statements is that you can use them more than once with different parameters. They are called prepared statements because the database engine partially processes the command itself (without the parameter values) before you actually set the values and run the query. This provides a massive speed benefit.

In your case, the first two queries seem necessary, but the next two are the exact same thing. Prepare a statement with what you need to be run over and over, use some control structure to continually set the parameters to their next value, then run the query.

A more generic example of what I'm talking about:

PHP Code:
$arr = array('a', 'b', 'c', 'd', 'e', 'f');
$DBlink = new mysqli("localhost", "user", "password", "database");

// Bad way: one hand-written query per value
// (mysqli::query() runs a single statement, so each INSERT is its own call)
$DBlink->query("INSERT INTO `table` VALUES ('$arr[0]')");
$DBlink->query("INSERT INTO `table` VALUES ('$arr[1]')");
$DBlink->query("INSERT INTO `table` VALUES ('$arr[2]')");
$DBlink->query("INSERT INTO `table` VALUES ('$arr[3]')");
$DBlink->query("INSERT INTO `table` VALUES ('$arr[4]')");
$DBlink->query("INSERT INTO `table` VALUES ('$arr[5]')");

// Better code, but the same thing as above.
foreach ($arr as $v) {
    $DBlink->query("INSERT INTO `table` VALUES ('$v')");
}

// Best way: prepare once, then bind and execute for each value
$insertLetters = $DBlink->prepare("INSERT INTO `table` VALUES (?)");
foreach ($arr as $v) {
    $insertLetters->bind_param('s', $v);
    $insertLetters->execute();
}
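
An added example, not part of the original post: the same interpolated-versus-prepared comparison, run through PDO against an in-memory SQLite database (an assumption made so it runs without a MySQL server; the post itself uses mysqli). The `letters` table and the sample values are constructed, and one value contains a quote to show that a bound parameter is stored verbatim while the interpolated query is rejected.

```php
<?php
// Added example, not the poster's code. PDO + in-memory SQLite stands in for
// the mysqli connection; the `letters` table and sample values are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE letters (val TEXT NOT NULL)');

$values = ['a', 'b', "O'Brien", 'd'];   // constructed input; one value has a quote

// Interpolated loop: each value is pasted into the SQL text and re-parsed.
$rejected = [];
foreach ($values as $v) {
    try {
        $db->exec("INSERT INTO letters VALUES ('$v')");
    } catch (PDOException $e) {
        $rejected[] = $v;               // the quote ended the string literal early
    }
}
$viaInterpolation = $db->query('SELECT val FROM letters')->fetchAll(PDO::FETCH_COLUMN);
$db->exec('DELETE FROM letters');

// Prepared loop: parse once, bind the parameter once (by reference),
// then only change the bound variable between executions.
$insert = $db->prepare('INSERT INTO letters VALUES (?)');
$param = null;
$insert->bindParam(1, $param, PDO::PARAM_STR);

$db->beginTransaction();                // one commit for the whole batch
try {
    foreach ($values as $v) {
        $param = $v;
        $insert->execute();
    }
    $db->commit();
} catch (PDOException $e) {
    $db->rollBack();                    // all-or-nothing on failure
    throw $e;
}
$viaPrepared = $db->query('SELECT val FROM letters')->fetchAll(PDO::FETCH_COLUMN);

echo 'interpolated stored: ', json_encode($viaInterpolation), PHP_EOL;
echo 'interpolated rejected: ', json_encode($rejected), PHP_EOL;
echo 'prepared stored: ', json_encode($viaPrepared), PHP_EOL;
```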