13. Prepared Statements

1. Introduction
Starting from MySQL 4.1, prepared statements are supported, which greatly improves the efficiency of data transmission between the client and server. When a prepared statement is created, the client sends a prototype of the SQL statement to the server. The server parses the statement, stores a partial execution plan for it, and returns a statement handle to the client. Each later execution of this SQL refers to that handle, so the statement is compiled once and run many times.

2. Features
Efficient: the server parses the SQL only once, some of the optimizer's work is done only once, and part of the execution plan is cached.
Security: prepared statements remove the need to handle escaping in the application and greatly reduce the risk of SQL injection attacks.
Cost: for repeatedly executed SQL, only the parameters need to be sent to the server instead of the entire SQL statement, so the network overhead is smaller.

3. Use
MySQL also provides an SQL interface to prepared statements, that is, you can use them directly in SQL without the binary transfer protocol. The syntax is as follows.

# Define a prepared statement
prepare stmtName from preparableStmt;

# Execute the prepared statement
execute stmtName [using @varName1,@varName2,...,@varNameN];

# Deallocate the prepared statement
{deallocate | drop} prepare stmtName;

[Figure: using a prepared statement to query user information based on user name.]
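
An added example (not code from the original post) of the user-name lookup described above, written with MySQL's SQL-level PREPARE/EXECUTE syntax. The table demo_users, its rows, and the statement names are constructed for illustration. It also shows that the `?` placeholder, not the PREPARE keyword by itself, is what keeps input out of the parsed SQL text.

```sql
-- Constructed sample table and rows (assumptions, not from the original post).
CREATE TABLE IF NOT EXISTS demo_users (
    id       INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(64)  NOT NULL,
    email    VARCHAR(128) NOT NULL
);
INSERT INTO demo_users (username, email) VALUES
    ('alice', 'alice@example.test'),
    ('bob',   'bob@example.test');

-- Parse once: the ? placeholder marks where a parameter will be bound.
PREPARE find_user FROM
    'SELECT id, username, email FROM demo_users WHERE username = ?';

-- Run many times: only the parameter value is supplied on each execution.
SET @name = 'alice';
EXECUTE find_user USING @name;

SET @name = 'bob';
EXECUTE find_user USING @name;

-- A value containing quote characters is bound as data: the whole string is
-- compared against the username column and is never parsed as SQL.
SET @name = 'alice'' OR ''1''=''1';
EXECUTE find_user USING @name;

DEALLOCATE PREPARE find_user;

-- Caveat (weak form, shown for contrast): building the statement text with
-- CONCAT places the value inside the SQL that PREPARE parses, so the quote
-- characters in @name become syntax and the WHERE clause changes meaning.
SET @sql = CONCAT(
    'SELECT id, username, email FROM demo_users WHERE username = ''',
    @name, '''');
PREPARE find_user_unsafe FROM @sql;
EXECUTE find_user_unsafe;
DEALLOCATE PREPARE find_user_unsafe;

-- Clean up the constructed table.
DROP TABLE demo_users;
```

Comparing the result sets of the third EXECUTE and the CONCAT-built statement in a scratch database makes the difference between bound parameters and concatenated statement text visible.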

Origin blog.csdn.net/Jgx1214/article/details/107496161