On Sat, 03 Jan 2004 04:57:10 -0500 Terrence Brannon <[EMAIL PROTECTED]> wrote:

> Jim Cromie wrote:
>
> > My comment was based on a cursory read, and general queasiness with
> > non-placeholder construction of complex SQL - seeing all those $,@
> > just made me itch.
>
> Let me make sure I understand the source of your queasiness: it is
> because if you use placeholders in conjunction with $dbh->prepare()
> then you can skip the parse phase on subsequent executes and get result
> caching against bind parameters depending on the DBD and database?

I don't do much results caching; the RAM vs DB-load tradeoffs are not
trivial to parameterize, esp. for boxes that are doing lots of different
things. But a prepared statement handle still helps in those reference
(or not) table queries.

Yes - due to the inherent protections provided by placeholders, I favor
them. One less worry.

> Just pasting text into SQL instead of using placeholders leaves you
> open to all sorts of attacks.

Efficiency is good too - placeholders are an easy & portable way of
getting that, without entering the realm of platform-specific stored
procedures.

I don't eat (much) beef either - I'll let others be the USDA's guinea
pigs. It's just easier to avoid the unknowable risks.
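The two styles discussed in the thread side by side, as an added example (not code from either poster). It assumes DBI with DBD::SQLite installed and uses an in-memory database, so it runs offline; the table, the rows and the probe strings are constructed for the demonstration. The "pasting text into SQL" routine is deliberately written the unsafe way to show why the quoting of a caller-supplied string changes the query, while the placeholder routine keeps the SQL text fixed and reuses the parsed handle through prepare_cached.

```perl
#!/usr/bin/perl
# Added example: string-built SQL versus DBI placeholders.
# Assumes DBI and DBD::SQLite are installed; everything lives in :memory:.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, AutoCommit => 1 });

$dbh->do("CREATE TABLE users (name TEXT NOT NULL, role TEXT NOT NULL)");

# Constructed sample rows; one name legitimately contains a single quote.
my $ins = $dbh->prepare("INSERT INTO users (name, role) VALUES (?, ?)");
$ins->execute(@$_) for ( ['alice', 'admin'], ['bob', 'user'], ["O'Brien", 'user'] );

# The "pasting text into SQL" style: the caller's string is spliced into the
# statement, so any quote character in it changes the statement's structure.
sub lookup_interpolated {
    my ($dbh, $name) = @_;
    my $sql = "SELECT name, role FROM users WHERE name = '$name'";
    return $dbh->selectall_arrayref($sql);
}

# The placeholder style: the SQL text never changes, the value travels
# separately as a bind parameter. prepare_cached hands back the same parsed
# handle on every call, so repeated lookups skip re-parsing the statement.
sub lookup_placeholder {
    my ($dbh, $name) = @_;
    my $sth = $dbh->prepare_cached("SELECT name, role FROM users WHERE name = ?");
    $sth->execute($name);
    return $sth->fetchall_arrayref;
}

# Constructed probe inputs: an ordinary name, a legitimate name with a quote
# in it, and a hostile string that turns the WHERE clause into "... OR '1'='1'".
my @probes = ( 'alice', "O'Brien", "x' OR '1'='1" );

for my $name (@probes) {
    # RaiseError makes a malformed statement die, so catch it for the report.
    my $rows = eval { lookup_interpolated($dbh, $name) };
    if (defined $rows) {
        printf "interpolated %-16s : %d row(s)\n", "'$name'", scalar @$rows;
    } else {
        printf "interpolated %-16s : error: %s\n", "'$name'", (split /\n/, $@)[0];
    }

    $rows = lookup_placeholder($dbh, $name);
    printf "placeholder  %-16s : %d row(s)\n", "'$name'", scalar @$rows;
}

$dbh->disconnect;
```

Running it (e.g. `perl placeholders.pl`, any file name will do) shows three behaviours the thread alludes to: the interpolated query breaks on the quoted legitimate name, returns every row for the hostile string because the spliced-in OR makes the condition true for each row, and only the placeholder version treats the hostile string as a value to compare against. Two caveats a practitioner should keep in mind: placeholders bind values only, so table and column names still have to come from a whitelist rather than from the caller; and whether execute() actually skips the parse depends on the driver, as the question above notes, since DBD::SQLite sends a real prepared statement while some DBDs emulate placeholders by quoting on the client side, which still protects the statement's structure but saves no server-side parsing.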
