On 9/6/21 2:26 AM, Laurenz Albe wrote:
"Bind variables" just being an Oraclism for parameters, it is*not* a mistake to use them in PostgreSQL.
Actually, it is a mistake because they don't give you any performance benefit and can potentially worsen the performance. There is no cursor sharing and generic plans can be much worse than "custom" plans, generated with the actual values. The only reason for using bind variables/parameters is to protect yourself from SQL injection. Creating SQL dynamically from input is the recipe for the "little Bobby Tables" situation: https://xkcd.com/327/
-- Mladen Gogala Database Consultant Tel: (347) 321-1217 https://dbwhisperer.wordpress.com
