[TYPO3-Performance] Prepared statements
Vahan Amirbekyan
vamirbekyan at dgfoundation.org
Wed Nov 19 18:53:49 CET 2008
prepared statements are immune to SQL injection.
"Martin Kutschker" <masi-no at spam-typo3.org> wrote in message
news:mailman.1.1227084073.9787.typo3-performance at lists.netfielders.de...
> Vahan Amirbekyan schrieb:
>> Folks,
>> what is the deal with prepared statements.
>> Are they supported in v4.x ?
>
> No.
>
>> from forums I got a vague idea that it is not and may in v5.
>
> The internals of the content repository may use it, but AFAIK there are
> (currently) no plans to provide direct access to the DB via FLOW3.
>
>> I believe it brings value to typo3 by improving performance
>
> If you repeat the same queries (in the same script run) with only
> changes to the WHERE parameters then it could be faster because the
> query plan has only to be created once by the database. It is of no use
> for run once queries.
>
> TYPO3 runs some of the queries more than once (page and page tree
> access), but it would need to cache those prepared queries.
>
>> and security.
>
> Why?
>
> Masi
More information about the TYPO3-Performance
mailing list