Re: Change in Log Format and Prepared Statements

From: Maciek Sakrejda <m(dot)sakrejda(at)gmail(dot)com>
To: Dave Cramer <pg(at)fastcrypt(dot)com>
Cc: Alexander Stanier <alexander(dot)stanier(at)egsgroup(dot)com>, pgsql-jdbc(at)postgresql(dot)org
Subject: Re: Change in Log Format and Prepared Statements
Date: 2012-09-13 20:12:44
Message-ID: CAOtHd0Df2_L=k+OxpWgNXso2w298V=D1GY7RDfwczTta=WjaJg@mail.gmail.com
Lists: pgsql-jdbc
To clarify, when prepareThreshold is set to zero, the driver still
uses prepared statements, but it uses only the unnamed variant, which
should effectively have no overhead compared to inlining parameters.
The separate log messages are due to this change.

Safely passing in parameters is an important reason to use prepared
statements (perhaps more so than performance), so as to protect
against SQL injection. For what it's worth, based on the logs, it
looks like you're not doing that; you should seriously consider making
that change, especially if data like user names is coming externally.
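
The point above about passing parameters safely, as an added example that is not part of the original message or of the pgjdbc project: the same lookup done by string concatenation and with a bound parameter. The table `app_user`, its column `user_name`, the class name and the sample values are hypothetical, and the code assumes a reachable PostgreSQL server with the pgjdbc driver on the classpath.

```java
import java.sql.*;

public class BoundParameterDemo {
    // Unsafe: the value is pasted into the SQL text, so a quote inside it
    // ends the string literal and the remainder is parsed as SQL.
    static int countConcatenated(Connection c, String name) throws SQLException {
        try (Statement st = c.createStatement();
             ResultSet rs = st.executeQuery(
                 "SELECT count(*) FROM app_user WHERE user_name = '" + name + "'")) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // Safe: the SQL text is fixed and the value travels separately as a bound
    // parameter. With prepareThreshold=0 the driver uses the unnamed statement.
    static int countBound(Connection c, String name) throws SQLException {
        try (PreparedStatement ps = c.prepareStatement(
                 "SELECT count(*) FROM app_user WHERE user_name = ?")) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // args: JDBC URL, user, password (assumed), for example
        // jdbc:postgresql://localhost/test?prepareThreshold=0
        try (Connection c = DriverManager.getConnection(args[0], args[1], args[2])) {
            try (Statement st = c.createStatement()) {
                // Constructed sample data in a session-local table.
                st.execute("CREATE TEMP TABLE app_user (user_name text)");
                st.execute("INSERT INTO app_user VALUES ('alice'), ('bob')");
            }
            // Constructed hostile input: no user has this name.
            String hostile = "nobody' OR '1'='1";
            System.out.println("concatenated: " + countConcatenated(c, hostile));
            System.out.println("bound:        " + countBound(c, hostile));
        }
    }
}
```

The concatenated query counts every row because the input rewrites the WHERE clause, while the bound query compares the whole string as a single value and matches nothing.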

