Oracle 5.0 Reference Manual page 1155

SQL Syntax for Prepared Statements
To guard against too many prepared statements being created simultaneously, set the
[470] system variable. To prevent the use of prepared statements, set
max_prepared_stmt_count
the value to 0.
The following SQL statements can be used in prepared statements:
ALTER TABLE
CALL
COMMIT
{CREATE | DROP} INDEX
{CREATE | DROP} TABLE
DELETE
DO
INSERT
RENAME TABLE
REPLACE
SELECT
SET
SHOW (most variants)
TRUNCATE TABLE
UPDATE
As of MySQL 5.0.23, the following additional statements are supported:
ANALYZE TABLE
OPTIMIZE TABLE
REPAIR TABLE
Other statements are not supported in MySQL 5.0.
Generally, statements not permitted in SQL prepared statements are also not permitted in stored
programs. Exceptions are noted in Section E.1, "Restrictions on Stored Programs".
As of MySQL 5.0.7, placeholders can be used for the arguments of the clause when using
LIMIT
prepared statements. See Section 13.2.8, "SELECT Syntax".
In prepared statements used with and EXECUTE, placeholder support for and
CALL PREPARE OUT
parameters is not available in MySQL 5.0. See Section 13.2.1, "CALL Syntax", for an example
INOUT
and a workaround. Placeholders can be used for parameters regardless of version.
IN
SQL syntax for prepared statements cannot be used in nested fashion. That is, a statement passed to
cannot itself be a PREPARE, EXECUTE, or statement.
PREPARE DEALLOCATE PREPARE
SQL syntax for prepared statements is distinct from using prepared statement API calls. For example,
you cannot use the C API function to prepare a PREPARE, EXECUTE, or
mysql_stmt_prepare()
statement.
DEALLOCATE PREPARE
SQL syntax for prepared statements cannot be used within stored routines (procedures or functions),
or triggers. This restriction is lifted as of MySQL 5.0.13 for stored procedures, but not for stored
functions or triggers. However, a cursor cannot be used for a dynamic statement that is prepared and
executed with and EXECUTE. The statement for a cursor is checked at cursor creation time,
PREPARE
so the statement cannot be dynamic.
SQL syntax for prepared statements does not support multi-statements (that is, multiple statements
within a single string separated by ";" characters).
To write C programs that use the SQL statement to execute stored procedures that contain
CALL
prepared statements, the flag must be enabled. This is because each
CLIENT_MULTI_RESULTS
returns a result to indicate the call status, in addition to any result sets that might be returned by
CALL
statements executed within the procedure.
can be enabled when you call mysql_real_connect(),
CLIENT_MULTI_RESULTS
either explicitly by passing the flag itself, or implicitly by passing
CLIENT_MULTI_RESULTS
1135