Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Reply To: Try out my first PHP web app!

#181744
Participant

Well, that article mentions three main advantages:

  • Prepared statements are more secure.
  • Prepared statements have better performance.
  • Prepared statements are more convenient to write.

Security:
Prepared statements allow you to send your SQL instructions in one part, and the data in another. SQL injection attacks are all about tricking the DB into doing something by confusing data with instructions. Using prepared statements makes this impossible.

Performance:
Using prepared statements allows the DB to analyse your SQL and build an execution plan for it before actually doing it. This has the advantage of only happening once, even if you execute the statement many times. The separation of data and instructions can sometimes even allow better performance with single-use statements.

Convenience:
You can write your statements more clearly, without worrying about having to use double-quotes vs. single-quotes or concatenate the SQL around calls to escape functions and “imagine” what the finished query will look like. Easier to read = easier to understand, fewer mistakes.
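The security and convenience points in this reply (instructions and data travelling separately, and no need to escape quotes by hand) shown as an added example. This is editorial example code, not the poster's code or the thread's PHP app; it uses Python's built-in sqlite3 module with an in-memory `users` table of constructed rows because the mechanism is identical in PHP's PDO with `prepare()`/`execute()`. The `lookup_concat` function is the string-building pattern the reply warns against, kept beside `lookup_prepared` so the difference in what the database actually sees is visible.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory stand-in for the web app's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "member"), ("carol", "member"), ("o'brien", "member")],
    )
    return conn


def lookup_concat(conn, name):
    # Instructions and data glued into one string: the DB has no way to tell
    # where the value ends and the SQL resumes, so a quote in the input changes
    # the meaning of the statement.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_prepared(conn, name):
    # The statement is a fixed template with a placeholder; the value is handed
    # over separately and is only ever treated as data, quotes included.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def concat_fails(conn, name):
    """True if the string-built query is rejected by the DB (e.g. an apostrophe in the name)."""
    try:
        lookup_concat(conn, name)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    # Ordinary input: both variants agree.
    print(lookup_concat(db, "alice"), lookup_prepared(db, "alice"))
    # Constructed input whose quote breaks out of the string literal in the
    # concatenated version; the prepared version just searches for that literal name.
    odd = "nobody' OR '1'='1"
    print(lookup_concat(db, odd))    # every row: the WHERE clause was rewritten
    print(lookup_prepared(db, odd))  # []: no user has that exact name
    # Legitimate apostrophe: concatenation needs manual escaping, the prepared form does not.
    print(concat_fails(db, "o'brien"), lookup_prepared(db, "o'brien"))
```

The last case is the convenience argument in practice: a perfectly valid surname makes the concatenated query a syntax error unless you remember to escape it, while the placeholder version needs no thought about quoting at all.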