cayenne-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bryan Lewis <br...@maine.rr.com>
Subject prepared statements
Date Wed, 18 Oct 2006 17:48:44 GMT
I just wanted to confirm something with the group.  I've been using
SQLTemplate for a few special-purpose things in our apps, mainly for
quick counts or searches.  However, someone pointed out to me recently
that it was bad to pass simple SQL strings to Oracle; I should be using
bind variables instead, or in the Java idiom, creating
PreparedStatements.  For example,
http://asktom.oracle.com/pls/ask/f?p=4950:8:::::F4950_P8_DISPLAYID:528893984337
preaches, "If you do not fix this, your application is doomed to utter
and total failure from day one."  I thought that was overstating the
problem just a bit, seeing as how our apps have done well for a couple
of years past day one, but okay, I'll heed the advice.

It appears that this isn't hard to do with SQLTemplate, using the #bind
directive.  I skimmed the Cayenne code and saw where it creates a
PreparedStatement with the parameters.  Very cool.

Assuming I'm on the right track so far... Will this work equally well on
different databases?  Oracle and PostgreSQL are the only ones I really
care about.  A google didn't turn up anything definitive about which
databases accept bind variables, but maybe they use different terms.

Thanks.



Mime
View raw message