MySQL PHP PDO prepared statements - performance issues vs security

Question

I am thinking of rewriting some open-source application for my purposes to PDO and transactions using InnoDB (mysql_query and MyISAM now).

My question is: Which case

Answer 1

My question is: Which cases are reasonable for using prepared statements?

Well actually, that's hard to say. Especially as you didn't even tell which open source application you speak about here.

To give you an example: For a ultra-lame guestbook app PDO with prepared statements will be the perfect choice, as well for 99% of all other open source apps out there. But for some this actually can make a difference. The important part here is: You have not told anything about the application.

As the database is not unimportant to an application, it's the other way round as well: the application is not unimportant to the database.

So you either need to share more about that "mysterious" open-source application you ask about or you need to tell us, what exactly you would like to know. Because generally, it's simple: Take PDO. But in specific, there are differences, so you need to tell us what the application in specific is, otherwise your question is already answered.

And btw., if the application is mysql_* style, it's much easier to just replace with mysqli_* interface. If you had done some actually rewriting, even just for fun, you would have seen that.

So better add more meat here or live with some not-so-precise answers.