
Discussion on: Four Tips for a More Secure Website

Andrew Davis

Based on what I have read, emulated prepares are as safe as native prepares if you use them correctly. Though turning them off is a safer choice from a configuration perspective because it forces SQL to do the work. Setting up PDO could be a topic of its own post.

dvhh

I am not aware of the internal implementation, but I still feel that a native prepared statement is way safer than an emulated one (as the only obvious implementation would rely on some form of input escaping, which does not always work as intended).
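
The PDO setting discussed in this thread, as an added example that is not code from either commenter or from the original article. It assumes a MySQL database with a `users` table; the helper names and the `APP_DB_*` environment variable names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: builds a PDO connection that uses native
// (server-side) prepared statements instead of client-side emulation.
function makePdo(string $host, string $db, string $user, string $pass): PDO
{
    // Declare the charset in the DSN so the client library and the server
    // agree on the connection encoding. Emulated prepares escape values on
    // the client, and that escaping is only correct for the charset the
    // client believes is in use.
    $dsn = "mysql:host={$host};dbname={$db};charset=utf8mb4";

    return new PDO($dsn, $user, $pass, [
        // pdo_mysql emulates prepares by default; false sends the SQL text
        // and the bound values to the server separately.
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// Values always travel as bound parameters, never concatenated into SQL.
// Table and column names cannot be bound, so they stay fixed in the query.
function findUserByEmail(PDO $pdo, string $email): ?array
{
    $stmt = $pdo->prepare('SELECT id, email FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch();

    return $row === false ? null : $row;
}

// Runs only when connection details are supplied through the environment.
if (getenv('APP_DB_HOST') !== false) {
    $pdo = makePdo(
        getenv('APP_DB_HOST'),
        (string) getenv('APP_DB_NAME'),
        (string) getenv('APP_DB_USER'),
        (string) getenv('APP_DB_PASS')
    );
    // Constructed sample input: handled as data, not as SQL.
    var_dump(findUserByEmail($pdo, "x' OR '1'='1"));
}
```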