On Nov 10, 6:35 pm, Daniel Bell <dchristianb...@gmail.com> wrote:
> I'm a newb to both SQL and Clojure, and after reading this post
> (http://groups.google.com/group/clojure/browse_thread/thread/718fa1b72...
> ) I was curious as to exactly it means to parameterize a query. Is it
> a way to automatically insert arguments into the query, a way to
> destructure the results, or what?
>

A normal query:
select name from employee where department = 'xfiles'

A parameterised query (prepared statement) which can be called later
with the parameter "xfiles":
select name from employee where department = ?

Most databases support prepared statements, which can be parsed once
and then called multiple times for improved performance. The setup,
though, has some overhead, and you will occasionally hear people say
that parameterised queries are overrated. However, with JDBC, prepared
statements have the advantage that the parameters, ?, are protected
from SQL injection attacks:

http://www.owasp.org/index.php/Preventing_SQL_Injection_in_Java

I'd recommend that you use prepared statements where possible - all
the Clojure database libraries support them, and clojure.contrib.sql
creates them behind the scenes when you do things such as insert
records.

Saul

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
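The difference Saul describes above, worked through as an added example that is not part of the original thread or of clojure.contrib.sql. It is written in Python rather than Clojure because Python's sqlite3 module uses the same `?` placeholder style as JDBC and runs without a database server; the `employee` table, the rows in it and the `names_by_department*` function names are constructed for the example. The first query builds the SQL text by string concatenation, so a quote in the input changes the shape of the statement; the second binds the value to a `?` parameter after the statement has been parsed, so the same input is only ever compared as a department name. The last function shows the caveat that comes with placeholders: they bind values, not identifiers, so a table or column name cannot be passed through `?`.

```python
import sqlite3

# Constructed sample data (not from the original post).
EMPLOYEES = [
    ("Mulder", "xfiles"),
    ("Scully", "xfiles"),
    ("Skinner", "management"),
]

# What an attacker might type into a "department" field: closes the quoted
# literal and appends a condition that is always true.
INJECTION = "xfiles' OR '1'='1"


def make_db():
    """Create an in-memory database holding the constructed employee table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table employee (name text, department text)")
    # The values are bound as parameters here too, as the post says
    # clojure.contrib.sql does behind the scenes for insert-records.
    conn.executemany(
        "insert into employee (name, department) values (?, ?)", EMPLOYEES
    )
    return conn


def names_by_department_unsafe(conn, department):
    """VULNERABLE: the untrusted value becomes part of the SQL text."""
    sql = (
        "select name from employee where department = '"
        + department
        + "' order by name"
    )
    return [row[0] for row in conn.execute(sql)]


def names_by_department(conn, department):
    """SAFE: the ? placeholder is bound after parsing, so the value can only
    ever be compared, never interpreted as SQL."""
    sql = "select name from employee where department = ? order by name"
    return [row[0] for row in conn.execute(sql, (department,))]


def placeholder_binds_values_only(conn):
    """Return True if the engine refuses a ? in identifier position.

    Placeholders stand in for values, not for table or column names; the
    database rejects the statement at parse time."""
    try:
        conn.execute("select name from ? order by name", ("employee",))
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    conn = make_db()
    print("honest input, concatenated :", names_by_department_unsafe(conn, "xfiles"))
    print("honest input, parameterised:", names_by_department(conn, "xfiles"))
    print("injection, concatenated    :", names_by_department_unsafe(conn, INJECTION))
    print("injection, parameterised   :", names_by_department(conn, INJECTION))
    print("? usable for a table name? :", not placeholder_binds_values_only(conn))
```

With the honest input both functions return the two xfiles employees. With the injected input the concatenated version returns every employee, because the statement has become `... where department = 'xfiles' OR '1'='1'`, while the parameterised version returns nothing, because no department is literally named `xfiles' OR '1'='1`. The JDBC `PreparedStatement` that clojure.contrib.sql builds from `["select name from employee where department = ?" "xfiles"]` behaves the same way.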