"Aidan Van Dyk" <aidan@highrise.ca> writes:
> That said, though *I* like the idea (and since I develop against
> PostgreSQL 1st and use params for my queries I would consider it a nice
> tool to "keep me honest"), I can easily see that the cost/benefit ratio
> on this could be quite low and make it not worth the code/support
> necessary.
Note that using parameters even for things which are actually constants is not
really very desirable. If you have a query like:
SELECT * FROM users WHERE userid = ? AND status = 'active'
a) It makes things a lot clearer to when you call Execute($userid) which values are actually the key user-provided
data.In more complex queries it can be quite confusing to have lots of parameters especially if the query itself only
makessense if you know what values will be passed.
b) It allows the database to take advantage of statistics on "status" that might not otherwise be possible.
Parameters are definitely the way to go for dynamic user data but for
constants which are actually an integral part of the query and not parameters
you're passing different values for each time it's actually clearer to include
them directly in the query.
-- Gregory Stark EnterpriseDB http://www.enterprisedb.com Ask me about EnterpriseDB's On-Demand Production
Tuning
