Which of the following is the main reason prepared statements are used in SQL?
Think about how prepared statements handle user input safely.
Prepared statements separate SQL code from data, which helps prevent attackers from injecting harmful SQL commands.
Besides security, what is another key benefit of using prepared statements?
Think about what happens when the same query runs multiple times with different data.
Prepared statements let the database prepare the query once and reuse it, which saves time on parsing and planning.
Given the following SQL commands, what will be the output of the final SELECT?
PREPARE stmt FROM 'SELECT ? + ? AS sum';
SET @a = 5;
SET @b = 10;
EXECUTE stmt USING @a, @b;
DEALLOCATE PREPARE stmt;
Placeholders (?) can be used in expressions like SELECT ? + ?.
Placeholders cannot be used as direct operands in expressions in many SQL databases like MySQL. Using ? + ? in SELECT causes a syntax error.
What is wrong with this prepared statement usage?
PREPARE stmt FROM 'INSERT INTO users (name, age) VALUES (?, ?)';
EXECUTE stmt USING 'Alice', 30;
DEALLOCATE PREPARE stmt;
Check how parameters are passed to EXECUTE in prepared statements.
EXECUTE expects user-defined variables (e.g., @var), not direct literal values. Passing literals causes an error.
You have a query that runs thousands of times with different values. Which approach best optimizes performance?
Think about how databases handle query parsing and planning.
Prepared statements allow the database to parse and plan the query once, then reuse it many times with different data, saving time and resources.