MySQLI Prepared Statements

[eluser]Unknown[/eluser]
Hello,

I'm wondering if it is possible to perform queries using prepared statements (like this http://php.net/manual/en/mysqli.prepare.php) using the db object.

Please if you could add examples too i would be so damn gratefull

Thanks everyone!

[eluser]bretticus[/eluser]
See Query Bindings in the manual.

[eluser]Unknown[/eluser]
Thank you very much!!!

[eluser]Unknown[/eluser]
Does using query bindings actually do a prepare and an execute? If I do the following (partly snipped from CI documentation)

Code:

$sql = "SELECT * FROM some_table WHERE id = ? AND status = ? AND author = ?";
$this->db->query($sql, array(3, 'live', 'Rick'));
$this->db->query($sql, array(4, 'dead' ,'Shakespeare'));

Does this re-prepare and execute the query for Shakespeare? Or is CI smart enough to realize this statement has been prepared already, and it only needs to execute the statement?

I realize a good reason for using query bindings is to prevent SQL injections. But I was also hoping that query bindings would let me prepare a statement once and then execute it many times with different parameters, which is also faster. Statements I execute only once, I wouldn't bother preparing (other than to protect from SQL injection.)

I haven't quite gotten into the full use of the Active Record class yet.

Thank you,
PH

[eluser]bretticus[/eluser]
What you proposed ought to work fine because you're passing in the same $sql variable each time. Note, this is different than, say, a PDO prepared statement for the fact that you do not return an object that you execute against and might actually be faster in the long run. With CI you are probably (I didn't look at the "guts") just executing a new query that is rendered each time you call query (for all I know PDO may not differ too much.) Either way, you get the benefit of passing different arrays values to the same sql statement. Very useful.