Proper MySQLi parameterized query syntax from http://php.net/manual/en/mysqli.quickstart.prepared-statements.php:
$stmt = $mysqli->prepare("INSERT INTO test(id) VALUES (?)");
$stmt->bind_param("i", $id);
But never something like:
$stmt = $mysqli->prepare("INSERT INTO test(id) VALUES (:id_value)");
$stmt->bind_param("i", "id_value", $id);
It appears to me that named parameter substitution is a reasonable feature to be implemented at the API level. I am surprised that MySQLi only implemented unnamed parameters in the library.
Is there a valid reason? It doesn't make sense to me, seeing how PDO, DQL, ORM all have adopted named parameters in their queries.
I hope it was not the case of "We were lazy & don't wanna" on the part of MySQLi developers. I believe there must've been a good reason and I am looking for that reason, or a way to seek out that reason. The reason for named parameters not being implemented in MySQLi extensions library.
MYSQLi doesn't support named parameters for two main reasons:
PDO does - and there is no point re-inventing the wheel
To elaborate on point 1: mysqli, despite its many downfalls when compared to PDO, becomes easily comparable with a good wrapper - that is, named parameters (among others) are supported by the wrapper rather than mysqli itself. This is by design for one sole reason:
Mysqli is designed to be a fast and flexible library. If the developers incorporated many more features into the base library, it becomes, counterintuitively, less flexible and requires longer load/execution times.
Both mysqli and pdo were released with PHP 5 (PDO with version 5.3, I believe) and as such are intended for different uses.
You want faster execution times? Use mysqli without a wrapper. You want named parameters? Use PDO or build a mysqli wrapper to handle such - but be warned, this will hinder your execution times.
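A sketch of the kind of mysqli wrapper the answer mentions, added here as an example and not taken from the original posts or from the mysqli project. The function names named_to_positional() and named_query() and the note column are assumptions. Values are still bound through bind_param, never concatenated into the SQL.

```php
<?php
// Rewrite ":name" placeholders to "?" and list the values in placeholder order.
// Quoted strings and backtick identifiers are matched first and copied through,
// so a ':' inside a literal is never mistaken for a placeholder.
// Assumption: the SQL contains no comments (they are not skipped here).
function named_to_positional(string $sql, array $params): array
{
    $pattern = <<<'RE'
/'(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*"|`[^`]*`|(?<![:\w]):([A-Za-z_]\w*)/s
RE;
    $ordered = [];
    $sql = preg_replace_callback($pattern, function (array $m) use ($params, &$ordered) {
        if (!isset($m[1])) {
            return $m[0];                       // literal or identifier: unchanged
        }
        if (!array_key_exists($m[1], $params)) {
            throw new InvalidArgumentException("no value for :{$m[1]}");
        }
        $ordered[] = $params[$m[1]];            // a repeated name is bound once per use
        return '?';
    }, $sql);
    return [$sql, $ordered];
}

// Prepare and execute through plain mysqli with positional binding.
function named_query(mysqli $db, string $sql, array $params): mysqli_stmt
{
    [$sql, $values] = named_to_positional($sql, $params);
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException($db->error);
    }
    if ($values) {
        $types = '';
        foreach ($values as $v) {               // infer the bind_param type letters
            $types .= is_int($v) ? 'i' : (is_float($v) ? 'd' : 's');
        }
        $stmt->bind_param($types, ...$values);
    }
    $stmt->execute();
    return $stmt;
}

// Constructed input; this part runs without a database connection.
[$sql, $values] = named_to_positional(
    "SELECT id FROM test WHERE id = :id_value OR note = 'a:b' OR id > :id_value",
    ['id_value' => 7]
);
echo $sql, "\n", json_encode($values), "\n";
```

With a live connection, named_query($mysqli, "INSERT INTO test(id) VALUES (:id_value)", ['id_value' => $id]) gives the calling style the question asks for on top of unmodified mysqli.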