|
Not usually. What usually happens is something like this: SELECT * FROM bar_table WHERE x = 123;
Is converted into a datastructure like this in the database engine (really simplified): {
"querytype": "select",
"fields": ["bar_table.x", "bar_table.y", "bar_table.z"],
"tables": ["bar_table"],
"where_filters": ["x", "=", 123]
}
Which is then converted into a list of things to do to run that query.Now, if you give it a prepared statement: SELECT * from bar_table WHERE x = ?;
The database engine can convert that into a closure, something like this: function(arg1){
return {
"querytype": "select",
"fields": ["bar_table.x", "bar_table.y", "bar_table.z"],
"tables": ["bar_table"],
"where_filters": ["x", "=", arg1]
};
}
Then when you run the prepared query, it can simply call the closure, putting the right value in the datastructure without escaping anything, and continuing on from there.Of course, the realities of it are more complicated than that for optimization reasons, but that's the basis of it. |