On 11 August 2015 at 06:44, Mister Junk <junkmail3568540@xxxxxxxxx> wrote:
> I'm using prepared statements to prevent SQL injection, but I have done some
> reading and it seems like using Prepared statements COULD improve
> performance. I understand the concept, but I do not know how to implement
> this.

They could; they could also reduce performance.

Prepared statements store and reuse an earlier generated query plan for a query, so that's the time you save. However, because the query planner can't make use of the actual query parameter values (they are yet unknown at that point), it can only generate a general query plan.

If your data is equally distributed for your query parameters, that won't matter much, but if some values are far more common than others, that can actually hurt performance.

In case of a normal statement, the query planner has enough information to decide which plan would be more efficient. With a prepared statement it has not.

--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
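
The trade-off described in the reply above can be observed with EXPLAIN. This is an added example, not part of the original message; the table `orders`, its data and the statement name `by_status` are constructed for illustration, and the `plan_cache_mode` setting assumes PostgreSQL 12 or later.

```sql
-- Constructed, skewed data: roughly 1 row in 1000 is 'failed',
-- everything else is 'shipped'.
CREATE TABLE orders (
    id     serial PRIMARY KEY,
    status text NOT NULL
);

INSERT INTO orders (status)
SELECT CASE WHEN g % 1000 = 0 THEN 'failed' ELSE 'shipped' END
FROM generate_series(1, 1000000) AS g;

CREATE INDEX orders_status_idx ON orders (status);
ANALYZE orders;

-- Normal statements: the planner sees the literal and can consult the
-- column statistics for that exact value. Compare the two plans.
EXPLAIN SELECT * FROM orders WHERE status = 'failed';
EXPLAIN SELECT * FROM orders WHERE status = 'shipped';

-- Prepared statement: the value is bound as a parameter, which is what
-- protects against SQL injection.
PREPARE by_status(text) AS
    SELECT * FROM orders WHERE status = $1;

-- Force the cached, parameter-independent plan (PostgreSQL 12+).
-- Both executions now share one plan, whatever the value is.
SET plan_cache_mode = force_generic_plan;
EXPLAIN EXECUTE by_status('failed');
EXPLAIN EXECUTE by_status('shipped');

-- Force re-planning with the bound value on every execution
-- (PostgreSQL 12+). Parameter binding is unchanged; only the saved
-- planning time is given up.
SET plan_cache_mode = force_custom_plan;
EXPLAIN EXECUTE by_status('failed');
EXPLAIN EXECUTE by_status('shipped');

-- Clean up the constructed objects.
RESET plan_cache_mode;
DEALLOCATE by_status;
DROP TABLE orders;
```

In the generic-plan output the filter condition is shown against `$1` rather than a literal, which is how to recognise that the plan was built without the parameter value.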