Thanks for your help!
Rémy
On Wed, Feb 18, 2009 at 3:53 AM, Charlie Clark char...@egenix.com wrote:
Am 18.02.2009, 00:58 Uhr, schrieb jpe...@ykksnap-america.com:
Using external methods will be more work for the zope writer.
I don't know enough to comment seriously on security issues,
but I think that using procedures, like using bind variables, will
make SQL Injection much harder.
The mxODBC Zope DA makes the execute() method available to connection
object instances which allows for parameter binding and the next release
will make this available for PythonScripts. Rather than use ExternalMethods,
however, I'd suggest that you use Views instead which make tying everything
together a lot easier.
Regarding performance: the comparisons we did a few years ago suggested
that parameter binding is around 40% faster for non-cached access from Zope
as Zope does quite a lot of work to turn ZSQL methods into usable queries.
If the caching works for you then you will have pretty good performance
because Zope will only actually run the query for something that isn't in
the cache. Stored procedures can offer a performance improvement if you plan
to manipulate the data in any way, ie. if you want to get data out of
several views and do something with it before you pass it to the browser.
But most importantly - in the Zope world the RDBMS is unlikely ever to be
your bottleneck.
Charlie
--
Charlie Clark
eGenix.com
Professional Python Services directly from the Source
Python/Zope Consulting and Support ...http://www.egenix.com/
mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
mxODBC, mxDateTime, mxTextTools ...http://python.egenix.com/
::: Try our new mxODBC.Connect Python Database Interface for free !
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/
___
Zope-DB mailing list
Zope-DB@zope.org
http://mail.zope.org/mailman/listinfo/zope-db
___
Zope-DB mailing list
Zope-DB@zope.org
http://mail.zope.org/mailman/listinfo/zope-db