Prepared Statements in MySQL

What is a Prepared Statement?

In MySQL

PREPARE stmt FROM 'SELECT * FROM students WHERE marks > ?';
SET @m = 80;
EXECUTE stmt USING @m;
DEALLOCATE PREPARE stmt;

In PHP (PDO)

$stmt = $pdo->prepare("INSERT INTO students(name, marks) VALUES(?, ?)");
$stmt->execute(["Aman", 88]);

Summary

• Prepared statements separate SQL from values using placeholders (?).
• They prevent SQL injection and speed up repeated queries.

Prepared Statement क्या है?

MySQL में

PREPARE stmt FROM 'SELECT * FROM students WHERE marks > ?';
SET @m = 80;
EXECUTE stmt USING @m;
DEALLOCATE PREPARE stmt;

PHP (PDO) में

$stmt = $pdo->prepare("INSERT INTO students(name, marks) VALUES(?, ?)");
$stmt->execute(["Aman", 88]);

सारांश

• Prepared statements placeholders (?) से SQL को values से अलग करते हैं।
• SQL injection रोकते हैं और बार-बार चलने वाली queries तेज़ करते हैं।