| From: | Maciek Sakrejda <m(dot)sakrejda(at)gmail(dot)com> |
|---|---|
| To: | Dave Cramer <pg(at)fastcrypt(dot)com> |
| Cc: | Alexander Stanier <alexander(dot)stanier(at)egsgroup(dot)com>, pgsql-jdbc(at)postgresql(dot)org |
| Subject: | Re: Change in Log Format and Prepared Statements |
| Date: | 2012-09-13 20:12:44 |
| Message-ID: | CAOtHd0Df2_L=k+OxpWgNXso2w298V=D1GY7RDfwczTta=WjaJg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
To clarify, when prepareThreshold is set to zero, the driver still
uses prepared statements, but it uses only the unnamed variant, which
should effectively have no overhead compared to inlining parameters.
The separate log messages are due to this change.
Safely passing in parameters is an important reason to use prepared
statements (perhaps more so than performance), so as to protect
against SQL injection. For what it's worth, based on the logs, it
looks like you're not doing that; you should seriously consider making
that change, especially if data like user names is coming externally.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Craig Ringer | 2012-09-17 05:06:39 | Re: Bug : FAST_NUMBER_FAILED when getting NaN on BigDecimal |
| Previous Message | Dave Cramer | 2012-09-13 19:24:36 | Re: Change in Log Format and Prepared Statements |