
Re: SQL injection

On Tue, Nov 01, 2005 at 11:31:36PM +0200, Yonatan Ben-Nes wrote:
> Jim C. Nasby wrote:
> >Yes, when you start getting into dynamically generated SQL you quickly
> >lose the performance benefit of prepared statements just because odds
> >are good that nothing else will use it. But you still have the benefit
> >of bound parameters and protection from injection.
> 
> My problem with the dynamically generated SQL is that I'll have to 
> create and maintain lots of prepared statements and be sure that I don't 
> miss any available option, and also every time that I'll have to do basic 
> changes at the queries I'll have to update each one of those prepared 
> statements.... it seems to me like a lot of extra work for sites which can 
> create many dynamic queries.

So don't maintain them. Just re-plan every time. My point is using bound
parameters to protect against injection.

As for the sub-optimal planning, I don't think that's normally an issue
unless your data distribution is uneven.
-- 
Jim C. Nasby, Sr. Engineering Consultant      jnasby@xxxxxxxxxxxxx
Pervasive Software      http://pervasive.com    work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf       cell: 512-569-9461
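The dynamic-but-bound approach Jim describes, as an added example that is not part of the thread: a small Python query builder (the option names, columns and `products` table are constructed for illustration) takes whatever subset of filter options the user supplies, emits PostgreSQL-style `$n` placeholders, and keeps every user value in the parameter list; the string-built variant it replaces is shown beside it for contrast.

```python
# Added example, not code from the thread: build a PostgreSQL query from an
# arbitrary subset of user-selected filter options while every user VALUE
# stays a bound parameter ($1, $2, ...) instead of being spliced into the
# SQL text. The (sql, params) pair is what you hand to PQexecParams or to
# your driver (drivers may use their own placeholder style); no database is
# needed to see the point.

# Whitelist of option name -> (column, operator). Identifiers and operators
# become part of the SQL text, so they come only from this fixed table.
# (Table and column names constructed for this example.)
FILTERS = {
    "category":    ("category", "="),
    "min_price":   ("price",    ">="),
    "max_price":   ("price",    "<="),
    "name_prefix": ("name",     "LIKE"),
}
BASE_SQL = "SELECT id, name, price FROM products"


def like_prefix(text):
    """Turn a user string into an anchored LIKE pattern.

    Binding stops injection but does not neutralise LIKE metacharacters, so
    escape %, _ and backslash (PostgreSQL's default ESCAPE character) here.
    """
    escaped = text.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return escaped + "%"


def build_query(options):
    """Return (sql, params). Unknown option names are rejected outright."""
    clauses, params = [], []
    for name, value in options.items():
        if name not in FILTERS:
            raise ValueError(f"unsupported filter: {name!r}")
        column, op = FILTERS[name]
        params.append(like_prefix(value) if op == "LIKE" else value)
        clauses.append(f"{column} {op} ${len(params)}")   # $1, $2, ... placeholder
    sql = BASE_SQL + (" WHERE " + " AND ".join(clauses) if clauses else "")
    return sql, params


def build_query_unsafe(options):
    """The version bound parameters replace: values quoted into the SQL text."""
    clauses = [f"{FILTERS[n][0]} {FILTERS[n][1]} '{v}'" for n, v in options.items()]
    return BASE_SQL + (" WHERE " + " AND ".join(clauses) if clauses else "")


if __name__ == "__main__":
    hostile = "x' OR '1'='1"                    # constructed injection attempt
    print(build_query({"category": hostile, "max_price": 20}))
    print(build_query_unsafe({"category": hostile}))
```

Because the SQL text depends only on which options are present (not on their values), the server re-plans per distinct option set, which is exactly the "re-plan every time" trade-off discussed above.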
