prepared statements

From: Bryan Lewis (brya..aine.rr.com)
Date: Wed Oct 18 2006 - 13:48:44 EDT

    I just wanted to confirm something with the group. I've been using
    SQLTemplate for a few special-purpose things in our apps, mainly for
    quick counts or searches. However, someone pointed out to me recently
    that it was bad to pass simple SQL strings to Oracle; I should be using
    bind variables instead, or in the Java idiom, creating
    PreparedStatements. For example,
    http://asktom.oracle.com/pls/ask/f?p=4950:8:::::F4950_P8_DISPLAYID:528893984337
    preaches, "If you do not fix this, your application is doomed to utter
    and total failure from day one." I thought that was overstating the
    problem just a bit, seeing as how our apps have done well for a couple
    of years past day one, but okay, I'll heed the advice.

    It appears that this isn't hard to do with SQLTemplate, using the #bind
    directive. I skimmed the Cayenne code and saw where it creates a
    PreparedStatement with the parameters. Very cool.

    Assuming I'm on the right track so far... Will this work equally well on
    different databases? Oracle and PostgreSQL are the only ones I really
    care about. A google didn't turn up anything definitive about which
    databases accept bind variables, but maybe they use different terms.

    Thanks.



    This archive was generated by hypermail 2.0.0 : Wed Oct 18 2006 - 13:49:21 EDT
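
An added illustration, not part of the original message and not Cayenne's own code: a simplified stand-in for the `#bind` directive that rewrites the template to a `?` placeholder and hands the value to the driver separately, compared with building the SQL string by concatenation. It runs against an in-memory SQLite database; the `artist` table, its rows and all function names are constructed for the example.

```python
import re
import sqlite3

# Simplified stand-in for a "#bind($name)" directive; this is not Cayenne's parser.
BIND = re.compile(r"#bind\(\$(\w+)\)")
TEMPLATE = "SELECT COUNT(*) FROM artist WHERE name = #bind($name)"

def render(template, params):
    """Turn each #bind($x) into a '?' placeholder; return (sql, ordered values)."""
    values = []
    def placeholder(match):
        values.append(params[match.group(1)])  # KeyError if a parameter is missing
        return "?"
    return BIND.sub(placeholder, template), values

def make_db():
    """In-memory SQLite database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE artist (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO artist (name) VALUES (?)",
                   [("Dali",), ("Monet",), ("O'Keeffe",)])
    return db

def concatenated_sql(name):
    """The 'simple SQL string' style: the value becomes part of the SQL text."""
    return "SELECT COUNT(*) FROM artist WHERE name = '" + name + "'"

def count_concatenated(db, name):
    return db.execute(concatenated_sql(name)).fetchone()[0]

def count_bound(db, name):
    """Bind-variable style: constant SQL text, value passed to the driver separately."""
    sql, values = render(TEMPLATE, {"name": name})
    return db.execute(sql, values).fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    names = ["Dali", "Monet", "O'Keeffe"]
    # Concatenation yields a new statement text per value; binding yields one.
    print(len({concatenated_sql(n) for n in names}), "distinct concatenated statements")
    print(len({render(TEMPLATE, {"name": n})[0] for n in names}), "distinct bound statement")
    for n in names:
        try:
            plain = count_concatenated(db, n)
        except sqlite3.OperationalError as exc:  # a quote in the data breaks the SQL
            plain = "error (%s)" % exc
        print(n, "| concatenated:", plain, "| bound:", count_bound(db, n))
```

With binding, the statement text is identical for every value, and a value containing a quote is still treated as data rather than as part of the SQL.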