Re: Creating Dynamic SQL statements using arrays

The comments on joins et al are good, however you may need to keep in mind the performance of your RDBMS.

If you're using static "variables" rather than placeholders, your DB engine will have to re-parse your statement (with considerable overhead).

I guess you wouldnt really have to worry too much if you've only got a low load application.

Comment on Re: Creating Dynamic SQL statements using arrays

Replies are listed 'Best First'.
Re: Re: Creating Dynamic SQL statements using arrays by autarch (Hermit) on Jul 11, 2002 at 16:41 UTC
This only applies to certain DBMS's. Oracle definitely pre-parses. MySQL definitely does not, nor does Postgres. Sybase probably does. However ,the other reason to use placeholders is to protect yourself from attacks. If you just blindly go using user-provided input, you better make sure to call $dbh->quote on every piece. Or you could use placeholders and let the DBD::* driver do the work for you. Plus if you ever switch from MySQL to Oracle, your SQL will immediately have a performance advantage over not using placeholders.	[reply]

Replies are listed 'Best First'.

Re: Re: Creating Dynamic SQL statements using arrays
by autarch (Hermit) on Jul 11, 2002 at 16:41 UTC

This only applies to certain DBMS's. Oracle definitely pre-parses. MySQL definitely does not, nor does Postgres. Sybase probably does. However ,the other reason to use placeholders is to protect yourself from attacks. If you just blindly go using user-provided input, you better make sure to call $dbh->quote on every piece. Or you could use placeholders and let the DBD::* driver do the work for you. Plus if you ever switch from MySQL to Oracle, your SQL will immediately have a performance advantage over not using placeholders.

[reply]