I'm re-engineering a PHP-driven web site which uses a minimal database. The original version used "pseudo-prepared-statements" (PHP functions which did quoting and parame
Prepared statements are being used by thousands of people and are therefore well-tested (and thus one can infer they are reasonably secure). Your custom solution is only used by you.
The chance that your custom solution is insecure is pretty high. Use prepared statements. You have to maintain less code that way.
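An added example, not part of the answer above and not the asker's code: a hypothetical `pseudo_prepare()` helper of the kind the question describes, run against an in-memory SQLite database (this assumes the `pdo_sqlite` extension is available). It shows an ordinary value containing `?` corrupting the home-grown substitution, while a real PDO prepared statement stores the same value intact.

```php
<?php
// Hypothetical "pseudo-prepared" helper, constructed for illustration:
// quotes each value and substitutes it for the next '?' in the SQL text.
function pseudo_prepare(string $sql, array $params): string
{
    foreach ($params as $value) {
        $quoted = "'" . str_replace("'", "''", (string) $value) . "'";
        $pos = strpos($sql, '?');
        if ($pos === false) {
            throw new InvalidArgumentException('more parameters than placeholders');
        }
        // Defect: the search restarts at the start of the string, so a '?'
        // that arrived inside an earlier value is treated as a placeholder.
        $sql = substr_replace($sql, $quoted, $pos, 1);
    }
    return $sql;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (title TEXT, body TEXT)');

// Constructed sample input: a harmless title that happens to contain '?'.
$title = 'Why?';
$body  = 'because';

// Home-grown path: data and SQL share one string, so the second value is
// spliced into the first string literal and the statement no longer parses.
$sql = pseudo_prepare('INSERT INTO notes (title, body) VALUES (?, ?)', [$title, $body]);
echo "pseudo-prepared SQL: ", $sql, PHP_EOL;
try {
    $pdo->exec($sql);
} catch (PDOException $e) {
    echo "pseudo-prepared failed: ", $e->getMessage(), PHP_EOL;
}

// Real prepared statement: the SQL text is parsed first and the values are
// bound afterwards, so their content cannot alter the statement.
$stmt = $pdo->prepare('INSERT INTO notes (title, body) VALUES (?, ?)');
$stmt->execute([$title, $body]);

$row = $pdo->query('SELECT title, body FROM notes')->fetch(PDO::FETCH_ASSOC);
echo "stored via prepare(): ", json_encode($row), PHP_EOL;
```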