
12 Aug 2022, 2:22 a.m.
On Tue, Aug 09, 2022 at 04:53:58PM -0400, Brandon Allbery wrote:
> More specifically, a query or DML statement is a string with ? placeholders for values, which is "prepare"d to turn it into internal format and then executed one or more times with values supplied.

The values are serialised, but typically not as strings, avoiding both a performance penalty and potential SQL-injection issues.

-- Viktor.
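
The prepare-then-bind pattern described in this message, as an added example that is not part of the original thread. It assumes Python's standard `sqlite3` module; the `users` table, its rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows: an integer, a text value and a binary value per row.
# The third name contains quote characters on purpose.
ROWS = [
    (1, "alice", b"\x00\x01"),
    (2, "bob", b"\xff\xfe"),
    (3, "x' OR '1'='1", b""),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, token BLOB)")
    # One statement text with ? placeholders, executed once per tuple of values.
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db

def lookup_bound(db, name):
    # The value is supplied separately from the SQL text, so it is only ever
    # compared as data and never parsed as part of the statement.
    cur = db.execute("SELECT id FROM users WHERE name = ? ORDER BY id", (name,))
    return cur.fetchall()

def lookup_concatenated(db, name):
    # Contrast case: the value is spliced into the statement text, so quote
    # characters inside it change what the statement means.
    sql = "SELECT id FROM users WHERE name = '" + name + "' ORDER BY id"
    return db.execute(sql).fetchall()

def stored_types(db):
    # typeof() reports how each bound value was stored: native types, not strings.
    cur = db.execute(
        "SELECT typeof(id), typeof(name), typeof(token) FROM users WHERE id = 1"
    )
    return cur.fetchone()

if __name__ == "__main__":
    db = make_db()
    tricky = ROWS[2][1]
    print("bound:       ", lookup_bound(db, tricky))
    print("concatenated:", lookup_concatenated(db, tricky))
    print("types:       ", stored_types(db))
```
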