- Use
PDO::execto issue one-off non-prepared statements that don’t return result sets. - Use
PDO::queryto issue one-off non-prepared statements that return result sets.
Both of these are useful if the statements are only executed one time and/or if they are constructed dynamically in a way that is not supported by prepared statements. Usually requires additional tooling to properly construct statements (and avoid things like SQL injection vulnerabilities). That coupled to the fact their flexibility is seldom needed means that it’s often preferred to:
- Use
PDOStatement::prepareandPDOStatement::executeto prepare statements and execute them, regardless of whether they return results or not. Useful if executed multiple times and/or in a hot path. Also doesn’t require additional tooling to handle statement construction. Almost always recommended whenever possible.