Can I use real prepared statements for MySQL with PDO now?

Question

5 years ago (really!) Wez Furlong was the lead developer of PDO and he wrote this:

I recommend that you use the following attribute when working with PDO::MYSQL, available in the current PHP 5.1.3 release candidates and snapshots:

$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, true);

This causes the PDO native query parser to be used instead of the native prepared statements APIs in the mysql client, and effectively eliminates those problems.

Rationale is given at http://wezfurlong.org/blog/2006/apr/using-pdo-mysql/

However, he could not answer if the problems have been remedied now that PDO is using Mysqlnd (at least I assume it is).

Does anyone know?

Answer 1

Yes, if you set ATTR_EMULATE_PREPARES to false ( or 0) it will use real prepared statements.

Sort of. It still has all of the fallback logic. So while mysqli::prepare would fail if the prepare from the server failed, PDO will not as it will fall back to emulating the prepare. The reason for this is so that PDO can use prepared statements on versions of MySQL that don't support it, as well as for statements (such as ALTER) which don't support preparation.

So it will use real prepared statements whenever MySQL will let you (again, only if ATTR_EMULATE_PREPARES to false)...