> > The specific needs I can think of for prepared statements are both
> > performance related. Expensive to plan queries benefit from being
> > prepared once and reused. Also, if you have large objects in your
> > database, using prepared statements and bound variables performs
> > better as they don't have to be serialized.
> >
> > I would recommend reading the following if you haven't already:
> > http://sequel.rubyforge.org/rdoc/files/doc/prepared_statements_rdoc.html
> >
>
> Thanks for the detailed response. The main reason for using prepared
> statements is to prevent SQL injection, then the performance. If the way the
> variables are bound in a normal statement protects against this then I'm not
> so bothered about the prepared statements, until I find a particular
> bottleneck. In most of the libraries I've used previously, binding variables
> (using the database engine's binding facilities) is a function only
> available to prepared statements.
>
> Regards,
> Iain
>

Hi Iain,
here is a snippet of my code - tested and reliable - this is using parameters so injection is out. Note I've not given the whole picture, only a method that is short (most of my SQL methods inside this class are about the same length or are actually longer).

# Get ALL comments from the table and return them.
# I pass in an integer value that a user has entered somewhere along the way,
# so a search for matches is made and returned.
# @db is the Sequel::Database connection and @log a Logger set up elsewhere
# in the class; the hash filter renders nos as a literal, not as raw SQL text.
#
def get_entered_comments(nos)
  @log.debug("getting comments for record #{nos}")
  @db[:comments].filter(:cust_code => nos)
end

regards,
Dave
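Iain's question is whether binding a value through the dataset, without a prepared statement, is enough to stop injection, and Dave's filter(:cust_code => nos) is the answer in practice. The Ruby below is an added example, not code from this thread or from the Sequel project: it deliberately does not need the sequel gem, and instead uses a small hand-written literalizer (an assumption, simplified from what Sequel's Dataset#literal does) to render the same query in three shapes side by side: string interpolation, a hash filter, and a prepared statement with a :$nos placeholder whose values travel apart from the SQL text. PreparedSelect and predicate_count are constructed for this example and are not Sequel APIs; the sample input is constructed, not a real customer code.

```ruby
# Minimal stand-in for how a Sequel-style dataset literalizes a hash filter
# value (assumption: simplified; the real Dataset#literal handles many more
# types and per-adapter quoting rules).
def literal(value)
  case value
  when Integer then value.to_s
  when nil     then 'NULL'
  when String  then "'" + value.gsub("'", "''") + "'"
  else raise ArgumentError, "unsupported literal: #{value.class}"
  end
end

# Vulnerable shape: the caller's value is spliced into the SQL text, so a
# string that is not a plain integer rewrites the predicate itself.
def comments_sql_interpolated(nos)
  "SELECT * FROM comments WHERE (cust_code = #{nos})"
end

# Safe shape, the one a hash filter like Dave's produces (assumption: output
# format matches Sequel's default): the value is rendered as a literal, so a
# string stays a quoted string and an embedded quote is doubled.
def comments_sql_filtered(nos)
  "SELECT * FROM comments WHERE (cust_code = #{literal(nos)})"
end

# Prepared-statement shape: the SQL text with its placeholder is fixed once;
# call-time values are returned as a separate bind array and never touch the
# text. The [sql, binds] pair mimics what a driver sends to the server.
class PreparedSelect
  attr_reader :sql, :names

  def initialize(sql)
    @names = sql.scan(/:\$(\w+)/).flatten.map(&:to_sym)
    @sql = sql.gsub(/:\$\w+/, '?')
  end

  def call(binds)
    missing = @names - binds.keys
    raise ArgumentError, "missing binds: #{missing.join(', ')}" unless missing.empty?
    [@sql, @names.map { |n| binds.fetch(n) }]
  end
end

COMMENTS_BY_CUST = PreparedSelect.new(
  'SELECT * FROM comments WHERE (cust_code = :$nos)'
)

# Constructed check: count predicates in the WHERE clause after blanking out
# string literals, so a value that stayed inside quotes is not counted.
# A query built from one condition should always report exactly one.
def predicate_count(sql)
  where = sql.split(/\bWHERE\b/i, 2)[1] || ''
  where = where.gsub(/'(?:[^']|'')*'/, "''")
  where.scan(/\b(?:AND|OR)\b/i).size + 1
end

# Render all three shapes for one input (default input is constructed).
def demo(input = "42 OR 1=1")
  {
    interpolated: comments_sql_interpolated(input),
    filtered:     comments_sql_filtered(input),
    prepared:     COMMENTS_BY_CUST.call(nos: input)
  }
end

if $PROGRAM_NAME == __FILE__
  demo.each { |shape, result| puts "#{shape}: #{result.inspect}" }
end
```

Against the real library the same inspection is one call away: Dataset#sql (for example @db[:comments].filter(:cust_code => nos).sql) shows exactly what the hash filter will send, and Sequel.mock gives a database that records generated SQL without a live connection, which is a cheap way to put a test like predicate_count around every query method in a class.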