No, ZSQL really predates bind variables.  That is, they we
available on a few systems, but were rare.  If the Oracle 
specialist has a reason for going to external methods, like
his server is seriously loaded, I would pay attention to him.
If he is just following some set of "best practices", well, that
is a political problem for Remy.

Using external methods will be more work for the zope writer. 
I don't know enough to comment seriously on security issues, 
but I think that using procedures, like using bind variables, will 
make  SQL Injection much harder.

Cynthia Kiser <> 
02/17/2009 06:44 PM

Remy Pinsonnault <>,
Re: [Zope-DB] [Zope] Stored Procedures Versus ZSQL Methods

Quoting <>:
> Yes, with a stored procedure the DB does not have to reparse and
> prepare a new plan for every query.  This can be a major win.  Esp. 
> on Oracle.

Does ZSQL allow the use of bind variables? If so and the database has
a correctly sized query cache, there shouldn't be much reparsing for
repeated queries. 

Zope-DB mailing list

Reply via email to