No, ZSQL really predates bind variables. That is, they were available on a few systems, but were rare. If the Oracle specialist has a reason for going to external methods, like his server is seriously loaded, I would pay attention to him. If he is just following some set of "best practices", well, that is a political problem for Remy.
Using external methods will be more work for the zope writer. I don't know enough to comment seriously on security issues, but I think that using procedures, like using bind variables, will make SQL Injection much harder.

Cynthia Kiser <cnk+z...@caltech.edu>
02/17/2009 06:44 PM
To jpe...@ykksnap-america.com
cc Remy Pinsonnault <remypinsonna...@gmail.com>, zope-db@zope.org
Subject Re: [Zope-DB] [Zope] Stored Procedures Versus ZSQL Methods

Quoting jpe...@ykksnap-america.com <jpe...@ykksnap-america.com>:

> Yes, with a stored procedure the DB does not have to reparse and
> prepare a new plan for every query. This can be a major win. Esp.
> on Oracle.

Does ZSQL allow the use of bind variables? If so and the database has a correctly sized query cache, there shouldn't be much reparsing for repeated queries.
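An added example, not part of this thread and not Zope or ZSQL code, of the two points raised above: a query built as text produces a new statement for every value and lets quote characters in the value be read as SQL, while a bind variable keeps one statement text and treats the value as data. Python's sqlite3 stands in for Oracle here; the table, the function names and the sample values are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 stands in for the Oracle server.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE parts (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO parts (name, owner) VALUES (:name, :owner)",
        [{"name": "zipper", "owner": "alice"},
         {"name": "snap", "owner": "bob"},
         {"name": "button", "owner": "carol"}],
    )
    return conn

def lookup_text_built(conn, owner, statements):
    # The value becomes part of the SQL text, so every distinct value is a
    # distinct statement to parse, and quote characters in it are read as SQL.
    sql = "SELECT name FROM parts WHERE owner = '%s' ORDER BY id" % owner
    statements.add(sql)
    return [row[0] for row in conn.execute(sql)]

def lookup_bound(conn, owner, statements):
    # The SQL text is constant; the value travels separately as a bind
    # variable and is only ever compared as data.
    sql = "SELECT name FROM parts WHERE owner = :owner ORDER BY id"
    statements.add(sql)
    return [row[0] for row in conn.execute(sql, {"owner": owner})]

def compare(owners):
    # Run the same lookups both ways and record the statement texts issued.
    conn = make_db()
    text_stmts, bound_stmts = set(), set()
    text_rows = [lookup_text_built(conn, o, text_stmts) for o in owners]
    bound_rows = [lookup_bound(conn, o, bound_stmts) for o in owners]
    conn.close()
    return {"text_statements": len(text_stmts), "bound_statements": len(bound_stmts),
            "text_rows": text_rows, "bound_rows": bound_rows}

# Constructed inputs: two ordinary values and one containing quote characters.
SAMPLE_OWNERS = ["alice", "bob", "x' OR '1'='1"]

if __name__ == "__main__":
    for key, value in compare(SAMPLE_OWNERS).items():
        print(key, value)
```

The statement counts are what a server-side statement cache sees: one cache entry for the bound form, one per distinct value for the text-built form.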