Currently, I only use stored procedures. Is this considered good practice or bad? I find it helpful to separate my SQL code from my PHP code, and I also remember hearing in a PHP course I took a few semesters back that stored procedures are more secure.

1 solution

#1


4

In the past, stored procedures and prepared statements were always faster than dynamic SQL strings sent to a database. These days, although that might still be the case sometimes, the differences are minor, if not negligible, so the major benefits of a stored procedure are safety from SQL injection attacks, and also as a layer of abstraction between the application code and the database (allowing you to use the same queries easily across different DB APIs or even different languages). So in general I'd still prefer stored procedures where possible.
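An added example, not part of the original answer: calling a stored procedure from PHP so that the injection protection described above actually holds, which depends on passing the argument as a bound parameter rather than concatenating it into the `CALL` string. It assumes a local MySQL/MariaDB server and a database named `demo`; the credentials, the `users` table, the procedure `find_user_by_email` and the sample rows are all hypothetical and constructed for illustration.

```php
<?php
// Added example. Assumptions: a local MySQL/MariaDB server, a database named
// `demo`, and the credentials below. Every name here is hypothetical.
$pdo = new PDO(
    'mysql:host=127.0.0.1;dbname=demo;charset=utf8mb4',
    'demo_user',
    'demo_pass',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);

// Constructed sample data, including an address that contains a quote.
$pdo->exec('CREATE TABLE IF NOT EXISTS users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    email VARCHAR(255) NOT NULL UNIQUE,
    display_name VARCHAR(100) NOT NULL)');
$seed = $pdo->prepare('INSERT IGNORE INTO users (email, display_name) VALUES (?, ?)');
$seed->execute(['alice@example.test', 'Alice']);
$seed->execute(["o'brien@example.test", "O'Brien"]);

// The procedure body is static SQL: p_email is only ever used as a value,
// so nothing the caller passes can change the shape of the query.
$pdo->exec('DROP PROCEDURE IF EXISTS find_user_by_email');
$pdo->exec('CREATE PROCEDURE find_user_by_email(IN p_email VARCHAR(255))
    READS SQL DATA
    SELECT id, email, display_name FROM users WHERE email = p_email');

function findUserByEmail(PDO $pdo, string $email): ?array
{
    // Weak form, shown for contrast only: building the CALL by concatenation
    // makes the input part of the SQL text, stored procedure or not.
    //   $pdo->query("CALL find_user_by_email('" . $email . "')");

    // Hardened form: the argument is bound as a value, not concatenated
    // into the statement by our code.
    $stmt = $pdo->prepare('CALL find_user_by_email(?)');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $stmt->closeCursor(); // release the remaining CALL result before the next query
    return $row === false ? null : $row;
}

// The quote in the second address is handled as data, not as SQL syntax.
var_dump(findUserByEmail($pdo, 'alice@example.test'));
var_dump(findUserByEmail($pdo, "o'brien@example.test"));
var_dump(findUserByEmail($pdo, 'nobody@example.test'));
```

The same rule applies inside a procedure: if its body builds SQL with `CONCAT` and `PREPARE`, the values should be passed through `EXECUTE ... USING` rather than concatenated.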
