On 03/24/2016 04:53 AM, Александр Кириллов wrote:
>> Be careful with WordPress - its database handler doesn't actually use
>> parameterized statements, it emulates them with printf - one (of many)
>> reasons I do not like the product.
>
> This is a rather controversial statement. There's nothing wrong with
> using sprintf when building sql queries. Besides
>
> "Using a prepared statement is not always the most efficient way of
> executing a statement. A prepared statement executed only once causes
> more client-server round-trips than a non-prepared statement."
>

The only time the database has ever been a bottleneck for me is when I am not using something like apcu to cache query results.

Use of prepared statements is slower for single queries never repeated, but not the bottleneck in any application I've dealt with.

WordPress's lack of genuine prepared statements has, however, caused me issues when I would like to make a query that is used more than once with different parameters.
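
The difference discussed in the message above, as an added example that is not part of the original post and is not WordPress's code: a printf-style emulation beside a genuine prepared statement that is prepared once and executed with different parameters. It assumes PHP 7.4+ with the `pdo_sqlite` extension; the `posts` table, its rows and the `emulated_prepare()` helper are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, title TEXT)');
$pdo->exec("INSERT INTO posts (author, title) VALUES
    ('alice', 'First'), ('bob', 'Second'), ('o''brien', 'Third')");

// Hypothetical printf-style emulation: values are escaped and spliced into
// the SQL text, so the database receives a different string on every call
// and safety rests entirely on the escaping step being correct.
function emulated_prepare(PDO $pdo, string $format, ...$args): string
{
    $escaped = array_map(
        fn($a) => is_int($a) ? $a : $pdo->quote((string) $a),
        $args
    );
    return vsprintf($format, $escaped);
}

$authors = ['alice', "o'brien", 'bob'];

// Emulated: three distinct SQL strings, each parsed from scratch.
foreach ($authors as $author) {
    $sql = emulated_prepare($pdo, 'SELECT title FROM posts WHERE author = %s', $author);
    echo $sql, ' => ', $pdo->query($sql)->fetchColumn(), PHP_EOL;
}

// Genuine: one statement handle, prepared once, then executed with new
// parameters each time; the values never become part of the SQL text.
$stmt = $pdo->prepare('SELECT title FROM posts WHERE author = ?');
foreach ($authors as $author) {
    $stmt->execute([$author]);
    echo $stmt->queryString, ' [', $author, '] => ', $stmt->fetchColumn(), PHP_EOL;
    $stmt->closeCursor();
}
```

In the first loop the printed SQL changes with every value; in the second, `queryString` stays constant and only the bound parameter differs.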