Thanks for your help!
On Wed, Feb 18, 2009 at 3:53 AM, Charlie Clark <char...@egenix.com> wrote:
> On 18.02.2009 at 00:58, <jpe...@ykksnap-america.com> wrote:
> > Using external methods will be more work for the Zope writer.
> > I don't know enough to comment seriously on security issues,
> > but I think that using procedures, like using bind variables, will
> > make SQL Injection much harder.
> The mxODBC Zope DA makes the execute() method available to connection
> object instances which allows for parameter binding and the next release
> will make this available for PythonScripts. Rather than use ExternalMethods,
> however, I'd suggest that you use Views instead which make tying everything
> together a lot easier.
> Regarding performance: the comparisons we did a few years ago suggested
> that parameter binding is around 40% faster for non-cached access from Zope
> as Zope does quite a lot of work to turn ZSQL methods into usable queries.
> If the caching works for you then you will have pretty good performance
> because Zope will only actually run the query for something that isn't in
> the cache. Stored procedures can offer a performance improvement if you plan
> to manipulate the data in any way, i.e. if you want to get data out of
> several views and do something with it before you pass it to the browser.
> But most importantly - in the Zope world the RDBMS is unlikely ever to be
> your bottleneck.
> Charlie Clark
> Professional Python Services directly from the Source
> >>> Python/Zope Consulting and Support ... http://www.egenix.com/
> >>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
> >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
> ::: Try our new mxODBC.Connect Python Database Interface for free ! ::::
> eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
> D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
> Registered at Amtsgericht Duesseldorf: HRB 46611
> Zope-DB mailing list
Zope-DB mailing list
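
The difference between putting a value into the SQL text and binding it as a parameter, which the thread refers to, shown as an added example that is not part of the original messages or of mxODBC. It uses Python's standard sqlite3 module as a stand-in database; the table, the sample data and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 stands in for the ODBC-backed RDBMS.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, region TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (name, region) VALUES (?, ?)",
        [("Miller", "EU"), ("O'Brien", "US"), ("Tanaka", "APAC")],
    )
    return conn

def find_formatted(conn, name):
    # Hypothetical helper: the value is pasted into the query text,
    # so the database parses it as part of the SQL statement.
    sql = "SELECT name, region FROM customers WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()

def find_bound(conn, name):
    # Hypothetical helper: the value travels separately as a bound
    # parameter (qmark style) and is only ever compared as data.
    sql = "SELECT name, region FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

def compare(name):
    # Run both lookups against a fresh database and return both results.
    conn = make_db()
    try:
        formatted = find_formatted(conn, name)
    except sqlite3.Error as exc:
        formatted = "error: %s" % type(exc).__name__
    bound = find_bound(conn, name)
    conn.close()
    return formatted, bound

if __name__ == "__main__":
    # Constructed inputs: a plain name, a legitimate name containing a
    # quote, and a value that changes the WHERE clause when formatted in.
    for value in ["Miller", "O'Brien", "x' OR '1'='1"]:
        formatted, bound = compare(value)
        print(repr(value), "| formatted:", formatted, "| bound:", bound)
```

With the formatted query a legitimate name containing a quote fails and the third input returns every row; with binding both are treated as plain strings.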