Re: Prepared statements considered harmful

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Prepared statements considered harmful
Date: 2006-08-31 14:52:56
Lists: pgsql-hackers
On Thursday, 31 August 2006 16:26, Andrew Dunstan wrote:
> Cached plans etc. might have an impact, but please do not overlook the
> benefits of parameterized queries in avoiding SQL injection attacks, as
> well as often being much cleaner to code.

That might be part of the confusion.  Composing queries with the variable 
parameters out of line is a very nice feature.  But that concept is totally 
independent of the question whether the execution plan should be cached.  The 
APIs (and their documentation) just don't convey that very well.

Peter Eisentraut
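
An added illustration of the distinction drawn in this message, not code from the thread or from PostgreSQL: it builds the frontend messages of PostgreSQL's extended query protocol, where the value travels out of line in Bind whether the statement is unnamed (one-shot) or named (kept for reuse). The query, the statement name `acct_by_owner` and the input value are constructed samples.

```python
import struct

def _msg(tag, body):
    # Frontend message: 1-byte type, then Int32 length that counts itself
    # but not the type byte.
    return tag + struct.pack("!I", len(body) + 4) + body

def _cstr(s):
    return s.encode("utf-8") + b"\x00"

def parse(stmt_name, sql):
    # Parse: statement name, query text, zero pre-declared parameter types.
    return _msg(b"P", _cstr(stmt_name) + _cstr(sql) + struct.pack("!H", 0))

def bind(stmt_name, params):
    # Bind: unnamed portal, source statement, no format codes (all text),
    # each value as Int32 length + bytes, no result format codes.
    body = _cstr("") + _cstr(stmt_name) + struct.pack("!H", 0)
    body += struct.pack("!H", len(params))
    for p in params:
        raw = p.encode("utf-8")
        body += struct.pack("!i", len(raw)) + raw
    return _msg(b"B", body + struct.pack("!H", 0))

def execute():
    # Execute the unnamed portal with no row limit.
    return _msg(b"E", _cstr("") + struct.pack("!i", 0))

SYNC = _msg(b"S", b"")

SQL = "SELECT id FROM accounts WHERE owner = $1"  # constructed sample query
HOSTILE = "x' OR '1'='1"                           # constructed sample input

def one_shot(value):
    # Unnamed statement (""): replaced by the next Parse that uses the
    # empty name, so nothing is kept for reuse. The value is still in Bind.
    return [parse("", SQL), bind("", [value]), execute(), SYNC]

def reusable(values):
    # Named statement: stays defined for the session, so it is parsed once
    # and bound again for every value.
    msgs = [parse("acct_by_owner", SQL)]
    for v in values:
        msgs += [bind("acct_by_owner", [v]), execute()]
    return msgs + [SYNC]
```

In both flows the SQL text sent in Parse is byte-for-byte the constant query; only the statement name, and therefore whether the server has anything to keep, differs.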
