[Zope-DB] [Zope] Stored Procedures Versus ZSQL Methods
JPenny at ykksnap-america.com
Tue Feb 17 18:58:47 EST 2009
No, ZSQL really predates bind variables. That is, they were
available on a few systems, but were rare. If the Oracle
specialist has a reason for going to external methods, like
his server is seriously loaded, I would pay attention to him.
If he is just following some set of "best practices", well, that
is a political problem for Remy.
Using external methods will be more work for the zope writer.
I don't know enough to comment seriously on security issues,
but I think that using procedures, like using bind variables, will
make SQL Injection much harder.
Cynthia Kiser <cnk+zope at caltech.edu>
02/17/2009 06:44 PM
To: JPenny at ykksnap-america.com
cc: Remy Pinsonnault <remypinsonnault at gmail.com>, zope-db at zope.org
Subject: Re: [Zope-DB] [Zope] Stored Procedures Versus ZSQL Methods
Quoting JPenny at ykksnap-america.com <JPenny at ykksnap-america.com>:
> Yes, with a stored procedure the DB does not have to reparse and
> prepare a new plan for every query. This can be a major win. Esp.
> on Oracle.
Does ZSQL allow the use of bind variables? If so and the database has
a correctly sized query cache, there shouldn't be much reparsing for
repeated queries.
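
The two points raised in this thread (reparsing and SQL injection) can be seen side by side in the following added example, which is not part of the original messages and is not Zope or ZSQL code. It assumes Python's sqlite3 module as a stand-in for the Oracle server, and the `parts` table, the function names and the sample inputs are all constructed for illustration.

```python
import sqlite3

# Constructed sample inputs: two ordinary names and one value containing a quote.
SAMPLE_NAMES = ["snap", "zipper", "x' OR '1'='1"]

def make_db():
    """Build a small in-memory table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE parts (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    db.executemany("INSERT INTO parts (name, price) VALUES (?, ?)",
                   [("snap", 0.10), ("zipper", 0.45), ("buckle", 1.20)])
    return db

def lookup_rendered(db, name, seen):
    """Value is pasted into the SQL text, so every value yields a new statement."""
    sql = "SELECT name, price FROM parts WHERE name = '%s'" % name
    seen.add(sql)
    return db.execute(sql).fetchall()

def lookup_bound(db, name, seen):
    """Value travels as a bind variable; the statement text never changes."""
    sql = "SELECT name, price FROM parts WHERE name = ?"
    seen.add(sql)
    return db.execute(sql, (name,)).fetchall()

def compare(names):
    """Run both lookups and count the distinct statement texts each one sent."""
    db = make_db()
    rendered_texts, bound_texts = set(), set()
    rendered = [lookup_rendered(db, n, rendered_texts) for n in names]
    bound = [lookup_bound(db, n, bound_texts) for n in names]
    return rendered, bound, len(rendered_texts), len(bound_texts)

if __name__ == "__main__":
    rendered, bound, n_rendered, n_bound = compare(SAMPLE_NAMES)
    for name, r, b in zip(SAMPLE_NAMES, rendered, bound):
        print(f"{name!r}: rendered={len(r)} rows, bound={len(b)} rows")
    print(f"distinct statements parsed: rendered={n_rendered}, bound={n_bound}")
```

With bind variables the server sees a single statement text it can cache, and the quoted input is compared as data instead of being parsed as SQL.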