PHP+MySQL using PDO

What is MySQL?

MySQL is a freely available open source Relational Database Management System (RDBMS) that uses Structured Query Language (SQL)

What is PDO?

PDO stands for PHP Data Objects. A PHP extension that  defines a lightweight, consistent interface for accessing databases in PHP.

PDO provides a data-access abstraction layer, which means that, regardless of which database you're using, you use the same functions to issue queries and fetch data.

Prepared Statements

A prepared statement is a feature used to execute the same (or similar) SQL statements repeatedly with high efficiency.

Prepared statements basically work like this:

1. Prepare: An SQL statement template is created and sent to the database. Certain values are left unspecified, called parameters (labeled "?"). Example: INSERT INTO MyGuests VALUES(?, ?, ?)
2. The database parses, compiles, and performs query optimization on the SQL statement template, and stores the result without executing it
3. Execute: At a later time, the application binds the values to the parameters, and the database executes the statement. The application may execute the statement as many times as it wants with different values

Prepared Statements

Some advantages:

• Prepared statements are very useful against SQL injections
• Prepared statements reduce parsing time as the preparation on the query is done only once
• Bound parameters minimize bandwidth to the server as you need send only the parameters each time, and not the whole query