Go Academy · Lesson

Prepared Statements

Run parameterized queries.

What Is a Prepared Statement

A prepared statement sends the SQL text to the database once to be parsed and planned, then executes it many times with different parameters. It is faster for repeated queries and safer against injection, because the parameter values are supplied after parsing and are never treated as part of the SQL text.

Parameter Placeholders

Never build SQL by concatenating user input. Use placeholders so the driver sends the values to the database separately from the SQL text. PostgreSQL uses $1, $2; MySQL and SQLite use ?.

SELECT * FROM users WHERE age > $1 AND city = $2
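Below is an added example, not part of the lesson, that makes the "values travel separately" point observable with nothing but the standard library. It registers a constructed stand-in driver (named "recorder", a name chosen here) with database/sql that does no real database work and only records the SQL text and arguments it receives, then runs the lesson's query through db.Prepare and stmt.Query. For contrast, UnsafeQuery builds the same query by string formatting. The input "St. John's" is an ordinary city name with an apostrophe; it is enough to show that concatenation lets input alter the statement text, while the prepared statement's text stays byte-for-byte fixed.

```go
package main

import (
	"database/sql"
	"database/sql/driver"
	"errors"
	"fmt"
	"io"
)

// Captured is what the recorder driver saw on its last Query call:
// the SQL text as prepared, and the parameter values as delivered.
type Captured struct {
	SQL  string
	Args []driver.Value
}

var last Captured // written by recStmt.Query; this is a constructed test hook, not a real driver feature

// Minimal driver.Driver / driver.Conn / driver.Stmt / driver.Rows implementations
// (constructed for this example). They never execute anything.
type recDriver struct{}
type recConn struct{}
type recStmt struct{ sql string }
type recRows struct{}

func (recDriver) Open(string) (driver.Conn, error) { return recConn{}, nil }

func (recConn) Prepare(q string) (driver.Stmt, error) { return recStmt{sql: q}, nil }
func (recConn) Close() error                         { return nil }
func (recConn) Begin() (driver.Tx, error)            { return nil, errors.New("transactions not supported") }

func (recStmt) Close() error  { return nil }
func (recStmt) NumInput() int { return -1 } // -1 tells database/sql not to check the argument count here
func (recStmt) Exec([]driver.Value) (driver.Result, error) {
	return nil, errors.New("exec not supported")
}
func (s recStmt) Query(args []driver.Value) (driver.Rows, error) {
	// Record exactly what crossed the driver boundary: fixed text plus separate values.
	last = Captured{SQL: s.sql, Args: append([]driver.Value(nil), args...)}
	return recRows{}, nil
}

func (recRows) Columns() []string         { return nil }
func (recRows) Close() error              { return nil }
func (recRows) Next([]driver.Value) error { return io.EOF } // zero rows

func init() { sql.Register("recorder", recDriver{}) }

// OpenRecorder opens a *sql.DB backed by the recording driver.
func OpenRecorder() (*sql.DB, error) { return sql.Open("recorder", "") }

// UnsafeQuery is the pattern the lesson forbids: user input becomes SQL text.
func UnsafeQuery(minAge int, city string) string {
	return fmt.Sprintf("SELECT * FROM users WHERE age > %d AND city = '%s'", minAge, city)
}

// FindUsersByCity is the parameterized form. The SQL text is a constant;
// minAge and city are passed as arguments and never spliced into it.
func FindUsersByCity(db *sql.DB, minAge int, city string) (Captured, error) {
	stmt, err := db.Prepare("SELECT * FROM users WHERE age > $1 AND city = $2")
	if err != nil {
		return Captured{}, err
	}
	defer stmt.Close()
	rows, err := stmt.Query(minAge, city)
	if err != nil {
		return Captured{}, err
	}
	rows.Close()
	return last, nil
}

func main() {
	db, err := OpenRecorder()
	if err != nil {
		panic(err)
	}
	defer db.Close()
	input := "St. John's" // ordinary input containing a quote character
	fmt.Println("concatenated:", UnsafeQuery(18, input))
	got, err := FindUsersByCity(db, 18, input)
	if err != nil {
		panic(err)
	}
	fmt.Printf("prepared SQL: %s\nargs:         %v\n", got.SQL, got.Args)
}
```

Note that database/sql converts the int argument to int64 before handing it to the driver (its default parameter converter does this), which is why the recorded arguments are int64(18) and the untouched string. With a real driver the same mechanism applies: the placeholder syntax in the SQL text is passed through to the driver unchanged, and db.Query(query, args...) behaves the same way as an explicit Prepare followed by Query, falling back to prepare-then-execute when the driver has no direct query path.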
