| From: | Guillaume Cottenceau <gc(at)mnc(dot)ch> |
|---|---|
| To: | Oliver Jowett <oliver(at)opencloud(dot)com> |
| Cc: | pgsql-jdbc(at)postgresql(dot)org |
| Subject: | Re: [PERFORM] Query much slower when run from postgres function |
| Date: | 2009-03-10 08:05:52 |
| Message-ID: | 87bps9ls4f.fsf@meuh.mnc.lan |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc pgsql-performance |
Oliver Jowett <oliver 'at' opencloud.com> writes:
> The idea behind the threshold is that if a PreparedStatement object is
> reused, that's a fairly good indication that the application wants to
> run the same query many times with different parameters (since it's
> going to the trouble of preserving the statement object for reuse). But
Or it may just need the safeness of driver/database parameter
"interpolation", to get a "free" efficient safeguard against SQL
injection. As for myself, I have found no other way to obtain
driver/database parameter interpolation. So sometimes I use
prepared statements even for running a query only once. I am
unsure it is a widely used pattern, but SQL injection being quite
important to fight against, I think I may not be the only one.
--
Guillaume Cottenceau
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Oliver Jowett | 2009-03-10 08:39:44 | Re: [PERFORM] Query much slower when run from postgres function |
| Previous Message | Tom Lane | 2009-03-10 04:37:02 | Re: Renaming sequence auto generated by SERIAL type don't update pg_attrdef |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Oliver Jowett | 2009-03-10 08:39:44 | Re: [PERFORM] Query much slower when run from postgres function |
| Previous Message | Scott Carey | 2009-03-10 03:38:50 | Re: [PERFORM] Query much slower when run from postgres function |