On Tue, Nov 01, 2005 at 11:31:36PM +0200, Yonatan Ben-Nes wrote:
> Jim C. Nasby wrote:
> >Yes, when you start getting into dynamically generated SQL you quickly
> >loose the performance benefit of prepared statements just because odds
> >are good that nothing else will use it. But you still have the benefit
> >of bound parameters and protection from injection.
>
> My problem with the dynamically generated SQL is that I'll have to
> create and maintain lots of prepared statements and be sure that I dont
> miss any available option, and also every time that ill have to do basic
> changes at the queries I'll have to update each one of those prepared
> statements.... it seems to me like of extra work for sites which can
> create many dynamic queries.
So don't maintain them. Just re-plan every time. My point is using bound
parameters to protect against injection.
As for the sub-optimal planning, I don't think that's normally an issue
unless your data distribution is uneven.
--
Jim C. Nasby, Sr. Engineering Consultant jnasby@pervasive.com
Pervasive Software http://pervasive.com work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461