Re: Prepared statements considered harmful

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Prepared statements considered harmful
Date: 2006-08-31 14:52:56
Message-ID: 200608311652.56930.peter_e@gmx.net
Lists: pgsql-hackers

On Thursday, 31 August 2006 16:26, Andrew Dunstan wrote:
> Cached plans etc. might have an impact, but please do not overlook the
> benefits of parameterized queries in avoiding SQL injection attacks, as
> well as often being much cleaner to code.

That might be part of the confusion.  Composing queries with the variable 
parameters out of line is a very nice feature.  But that concept is totally 
independent of the question whether the execution plan should be cached.  The 
APIs (and their documentation) just don't convey that very well.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/
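
Added example, not part of the original message and not PostgreSQL's own code: a Python sketch that builds the PostgreSQL v3 frontend messages for one query sent three ways (values inline, out-of-line parameters on the unnamed statement, out-of-line parameters on a named statement). The query, the statement name find_user and the input value are constructed for illustration.

```python
import struct

def _msg(tag: bytes, body: bytes) -> bytes:
    # Frontend message: 1-byte type, int32 length (counts itself, not the type byte).
    return tag + struct.pack("!i", len(body) + 4) + body

def _cstr(s: str) -> bytes:
    return s.encode("utf-8") + b"\x00"

def simple_query(sql: str) -> bytes:
    # 'Q': the whole statement, values included, is one string the server parses.
    return _msg(b"Q", _cstr(sql))

def parse(stmt_name: str, sql: str) -> bytes:
    # 'P': statement name, SQL text with $n placeholders, 0 declared parameter types.
    return _msg(b"P", _cstr(stmt_name) + _cstr(sql) + struct.pack("!h", 0))

def bind(stmt_name: str, params: list) -> bytes:
    # 'B': unnamed portal, statement name, 0 format codes (all text), values, 0 result codes.
    body = _cstr("") + _cstr(stmt_name) + struct.pack("!hh", 0, len(params))
    for p in params:
        if p is None:
            body += struct.pack("!i", -1)  # NULL is length -1 with no bytes
        else:
            raw = str(p).encode("utf-8")
            body += struct.pack("!i", len(raw)) + raw
    return _msg(b"B", body + struct.pack("!h", 0))

SQL = "SELECT id FROM users WHERE name = $1"  # constructed sample query
VALUE = "x' OR '1'='1"                         # constructed hostile input

def demo() -> dict:
    # Inline: the input becomes part of the SQL text the server parses.
    inline = simple_query("SELECT id FROM users WHERE name = '" + VALUE + "'")
    # Unnamed statement: replaced by the next unnamed Parse, so nothing is kept for reuse.
    one_shot = (parse("", SQL), bind("", [VALUE]))
    # Named statement: stays in the session and can be bound again later.
    cached = (parse("find_user", SQL), bind("find_user", [VALUE]))
    return {"inline": inline, "one_shot": one_shot, "cached": cached}

if __name__ == "__main__":
    for label, msgs in demo().items():
        print(label, msgs)
```

In both parameterized variants the input travels only in Bind, as length-prefixed data, and never reaches the SQL parser; the two Parse messages differ only in the statement name, which is the part that controls reuse.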
