-1

Why do we use parameterized queries? Because we tell it what type of parameter it should accept (integer, string, ...).

$stmt = $mysqli->prepare("SELECT * FROM `table` WHERE id = ?");
$stmt->bind_param("i", $id);  // only accepts integer

On the other hand, we are already telling a stored procedure what type of input it should accept:

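DELIMITER //
CREATE PROCEDURE select_by_id(IN p_id INT) -- only int as id
BEGIN
  -- the parameter is named p_id so that it does not shadow the id column
  SELECT * FROM `table` WHERE id = p_id;
END //
DELIMITER ;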

So what is the meaning of writing a parameterized query after calling a stored procedure?

NOTE: I am using MySQL and trying to use stored procedures. I am not sure if I should delete my previous parameterized queries.

Webber Depor
  • Why does something like that depend on the DBMS? Please explain. – Webber Depor Dec 13 '15 at 15:17
  • This question's reason is clear as day. I am asking if it's necessary or not. Idk how to be more specific. There is a group who clicks "on hold" whenever they can't tell something about a question, which is SoF's biggest problem. – Webber Depor Dec 13 '15 at 22:09

1 Answer

1

NO, your first shown form is a DYNAMIC QUERY or prepared query:

$stmt = $mysqli->prepare("SELECT * FROM `table` WHERE id = ?");
$stmt->bind_param("i", $id);  // only accepts integer

So with bind_param you are dynamically binding the parameter value with the $id variable.

If you are calling the stored procedure and passing the id parameter, then there is no need for that dynamic query building.

Rahul
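For the case where PHP passes user-supplied input to the procedure, here is an added example (not part of the original question or answer) that issues the CALL through prepare/bind_param and validates the id first. The connection values are placeholders, and the `items` table and `select_by_id` procedure are assumed names; it needs a reachable MySQL server and the mysqlnd driver.

```php
<?php
// Added example. Connection values are placeholders; items/select_by_id are assumed names.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('127.0.0.1', 'app_user', 'CHANGE_ME', 'app_db');

// One-time setup so the script is complete on an empty schema (constructed sample rows).
$db->query('CREATE TABLE IF NOT EXISTS items (id INT PRIMARY KEY, name VARCHAR(50))');
$db->query("INSERT IGNORE INTO items VALUES (1, 'first'), (2, 'second')");
$db->query('DROP PROCEDURE IF EXISTS select_by_id');
// p_id is named differently from the id column so the comparison is not id = id.
$db->query('CREATE PROCEDURE select_by_id(IN p_id INT)
            BEGIN SELECT id, name FROM items WHERE id = p_id; END');

function fetch_by_id(mysqli $db, $raw): array
{
    // bind_param("i") converts its argument to an integer instead of rejecting it,
    // so non-integer input is refused explicitly here.
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }

    // Weak form, shown for contrast only: the input would become part of the
    // statement text, which the server parses before the INT declaration applies.
    //   $db->query('CALL select_by_id(' . $raw . ')');

    // Bound form: the statement text is fixed and the value travels separately.
    $stmt = $db->prepare('CALL select_by_id(?)');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);

    // CALL returns a trailing status result; drain it before reusing the connection.
    while ($stmt->more_results() && $stmt->next_result()) {
        if ($extra = $stmt->get_result()) {
            $extra->free();
        }
    }
    $stmt->close();
    return $rows;
}

var_dump(fetch_by_id($db, '2'));
try {
    fetch_by_id($db, '2abc');   // constructed non-integer input
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```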