Differences

This shows you the differences between two versions of the page.

--- v5:database:mysql [2023/05/10 09:41] – [mysqli driver] mysqlnd required since 5.22 dregad
+++ v5:database:mysql [2025/06/01 13:21] (current) – Remove square brackets in tags dregad
@@ Line 60: / Line 60: @@
 * Enable ADOdb
 */
-$db = newAdoConnection('mysqli')
+$db = newAdoConnection('mysqli');
 /*
 * Set the SSL parameters
@@ Line 81: / Line 81: @@
 * Enable ADOdb
 */
-$db = newAdoConnection('mysqli')
+$db = newAdoConnection('mysqli');
 $database = 'employees';
@@ Line 96: / Line 96: @@
 </code>
-{{tag>[MySQL windows unix supported tier1]}}
+==== Forcing emulated prepared statements ====
+ADOdb 5.22 introduced support for "true" bound variables in prepared statements((using
+[[https://www.php.net/manual/en/mysqli-stmt.execute.php|mysqli_stmt_execute()]],
+see [[https://github.com/ADOdb/ADOdb/pull/655|issue #655]])).
+Before that, parameterized queries were emulated, which was a potential security risk.
+When using database engines pretending to be MySQL but not implementing prepared statements such as
+[[https://clickhouse.com/|ClickHouse]] and
+[[https://manticoresearch.com/|Manticore Search]],
+it is possible((starting with ADOdb 5.22.8)) to force usage of emulated queries (i.e. reverting to behavior of ADOdb 5.21 and older) by setting the ''doNotUseBoundVariables'' property.
+<code php>
+$db = newAdoConnection('mysqli');
+$db->doNotUseBoundVariables = true;
+$db->connect($host, $user, $password, $database);
+$db->execute($sql, $param);
+</code>
+{{tag>MySQL windows unix supported tier1}}
 {{htmlmetatags>metatag-keywords=(php, programming, database, mysql, percona, mariadb)}}