<P> On the other hand, if a query is executed only once, server - side prepared statements can be slower because of the additional round - trip to the server . Implementation limitations may also lead to performance penalties; for example, some versions of MySQL did not cache results of prepared queries . A stored procedure, which is also precompiled and stored on the server for later execution, has similar advantages . Unlike a stored procedure, a prepared statement is not normally written in a procedural language and cannot use or modify variables or use control flow structures, relying instead on the declarative database query language . Due to their simplicity and client - side emulation, prepared statements are more portable across vendors . </P> <P> Major DBMSs, including MySQL, Oracle, DB2, Microsoft SQL Server and PostgreSQL . widely support prepared statements . Prepared statements are normally executed through a non-SQL binary protocol for efficiency and protection from SQL injection, but with some DBMSs such as MySQL prepared statements are also available using a SQL syntax for debugging purposes . </P> <P> A number of programming languages support prepared statements in their standard libraries and will emulate them on the client side even if the underlying DBMS does not support them, including Java's JDBC, Perl's DBI, PHP's PDO and Python's DB - API . Client - side emulation can be faster for queries which are executed only once, by reducing the number of round trips to the server, but is usually slower for queries executed many times . It resists SQL injection attacks equally effectively . </P> <P> Many types of SQL injection attacks can be eliminated by disabling literals, effectively requiring the use of prepared statements; as of 2007 only H2 supports this feature . </P>

Which version of mysql introduced the prepared statements