what is php preprocessing

You can think of PHP preprocessing as a compiled template of the SQL you want to run, which can be customized using variable parameters.

Benefits of PHP preprocessing:

1. The query only needs to be parsed (or preprocessed) once, but can be executed multiple times with the same or different parameters. When a query is ready, the database will analyze, compile, and optimize
the plan for executing the query. For complex queries, this process takes a long time, and if the same query needs to be repeated multiple times with different parameters, this process will significantly slow down the application. By using prepared statements, you can avoid repeated analysis/compile/optimization cycles. In short, prepared statements take up fewer resources and run faster because of
.

2. The parameters provided to the prepared statement do not need to be enclosed in quotation marks, the driver will automatically process them. If the application only uses prepared statements, it can be ensured that SQL injection will not

occur. (However, if other parts of the query are constructed from unescaped input, there is still a risk of SQL injection).

The working principle of prepared statements is as follows:

1. Preprocessing: Create a SQL statement template and send it to the database. Reserved values ​​are marked with the parameter "?". For example:

INSERT INTO MyGuests (firstname, lastname, email) VALUES(?, ?, ?)

2. Database parsing, compilation, query optimization on SQL statement templates, and storing the results without output.

3. Execution: Finally, the application-bound value is passed to the parameter ("?" mark), and the database executes the statement. The application can execute the statement multiple times if the parameter values ​​are different.

The above is the detailed content of what is php preprocessing. For more information, please follow other related articles on the PHP Chinese website!