Re: SQL injection

On Tue, Nov 01, 2005 at 11:19:12AM -0600, Scott Marlowe wrote:
> On Tue, 2005-11-01 at 09:09, Jim C. Nasby wrote:
> > On Mon, Oct 31, 2005 at 10:13:20PM -0500, Alex Turner wrote:
> > > I didn't think query plans were cached between sessions, in which case
> > > prepeared statements aren't worth much for most HTTP based systems
> > > (not counting luckily re-using the same connection using pgpool)...
> > >
> > > Please correct me if I'm mistaken - I like being wrong ;)
> >
> > No, you're right, but if you're not using connection pooling you clearly
> > don't care about performance anyway...
>
> Depends on what you mean by performance. I've written apps that were
> used by one or two people at once, and spit out 100M at a shot for an
> excel spread sheet or made huge 100 page pdfs. They had to run fast,
> but connection time wasn't an issue. Since the average run time of
> those scripts as 1 to 30 seconds, the connect time was absolutely not an
> issue.

Hrm... what's that quote about stereotyping? :)

Granted, sometimes connection startup time doesn't matter. But in most
web environments (we are talking PHP here remember) you'll either be
using a connection pool or not caring at all about performance...
--
Jim C. Nasby, Sr. Engineering Consultant jnasby(at)pervasive(dot)com
Pervasive Software http://pervasive.com work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461