cayenne-user mailing list archives

From Bryan Lewis <>
Subject prepared statements
Date Wed, 18 Oct 2006 17:48:44 GMT
I just wanted to confirm something with the group.  I've been using
SQLTemplate for a few special-purpose things in our apps, mainly for
quick counts or searches.  However, someone pointed out to me recently
that it was bad to pass simple SQL strings to Oracle; I should be using
bind variables instead, or in the Java idiom, creating
PreparedStatements.  For example,
preaches, "If you do not fix this, your application is doomed to utter
and total failure from day one."  I thought that was overstating the
problem just a bit, seeing as how our apps have done well for a couple
of years past day one, but okay, I'll heed the advice.

It appears that this isn't hard to do with SQLTemplate, using the #bind
directive.  I skimmed the Cayenne code and saw where it creates a
PreparedStatement with the parameters.  Very cool.

Assuming I'm on the right track so far... Will this work equally well on
different databases?  Oracle and PostgreSQL are the only ones I really
care about.  A google didn't turn up anything definitive about which
databases accept bind variables, but maybe they use different terms.
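
The two ways of building a count query that the message above contrasts, as an added example that is not part of the original post and is not code from the Cayenne project. It assumes a Cayenne 3.x or later classpath (`org.apache.cayenne` packages), a hypothetical `Artist` entity mapped to an `ARTIST` table with an `ARTIST_NAME` column, and an `ObjectContext` supplied by the caller.

```java
import java.util.Collections;
import java.util.List;

import org.apache.cayenne.DataRow;
import org.apache.cayenne.ObjectContext;
import org.apache.cayenne.query.SQLTemplate;

public class ArtistCounts {

    // Literal form: the value is pasted into the SQL text, so every distinct
    // name gives the database a different statement to parse.
    static SQLTemplate literalCount(String name) {
        return new SQLTemplate("Artist",
                "SELECT COUNT(*) AS C FROM ARTIST WHERE ARTIST_NAME = '" + name + "'");
    }

    // Bound form: #bind leaves a JDBC '?' placeholder in the SQL and passes the
    // value as a PreparedStatement parameter, so the SQL text is identical on
    // every call. 'VARCHAR' is the optional JDBC type hint.
    static SQLTemplate boundCount(String name) {
        SQLTemplate query = new SQLTemplate("Artist",
                "SELECT COUNT(*) AS C FROM ARTIST WHERE ARTIST_NAME = #bind($name 'VARCHAR')");
        query.setParameters(Collections.singletonMap("name", name));
        return query;
    }

    // Runs either template and returns the single COUNT(*) value.
    static long count(ObjectContext context, SQLTemplate query) {
        query.setFetchingDataRows(true); // plain rows, not Artist objects
        List<?> rows = context.performQuery(query);
        DataRow row = (DataRow) rows.get(0);
        // Read the only column by position: the label case differs between
        // databases for an unquoted alias (Oracle "C", PostgreSQL "c").
        return ((Number) row.values().iterator().next()).longValue();
    }
}
```

The placeholder syntax that reaches the driver is the standard JDBC `?`, which both the Oracle and PostgreSQL JDBC drivers accept.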

