
Re^3: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite

by Jenda (Abbot)
on Jan 11, 2008 at 00:21 UTC (#661761=note)

in reply to Re^2: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite
in thread Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite

If you treat your database as a dumb object store I bet my supadances against your socks that you are using the database very very inefficiently, bogging it down with unoptimized (and unoptimizable) ad-hoc queries, fetching many times more data than you actually need, etc.

All I want from my database access layer is to let me call the stored procedures (few of them one statement only) without much fuss, thank you very much.


Re^4: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite
by stvn (Monsignor) on Jan 11, 2008 at 05:22 UTC
    If you treat your database as a dumb object store I bet my supadances against your socks that you are using the database very very inefficiently, bogging it down with unoptimized (and unoptimizable) ad-hoc queries, fetching many times more data than you actually need, etc.
    1. How I use my database is my business, and in some of my business use cases it makes more sense to treat it like a dumb object store. For that I use DBIx::Class.
    2. Why the f*ck would I want your old dancing shoes anyway?

    Now, before you make assumptions, I suggest you actually take a look at the DBIx::Class code and the SQL queries it does generate (you can use DBIx::Class::QueryLog for that). To start with, DBIx::Class allows you an extremely high degree of control over when and how much of the database it queries. Second, the many contributors to the project have made sure that the SQL it does generate is both optimized and smart (after all, these people are not idiots; they know how databases work very well).

    All I want from my database access layer is to let me call the stored procedures (few of them one statement only) without much fuss, thank you very much.

    If that is all you want then why do you care what I do? I am not going to tell you that what you are doing is inefficient and stupid, because I assume that you are smart enough to do what is most appropriate for your business use case. Remember, this is Perl, the land of TIMTOWTDI: you do it your way and I will do it mine. But please, please, please don't talk shit about stuff you have no clue about (*cough* DBIx::Class *cough*).

    -stvn
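The suggestion above to look at the SQL DBIx::Class actually generates, as an added example that is not code from the thread or from DBIx::Class itself: it captures the generated queries with DBIx::Class::QueryLog and checks that a user-supplied value arrives as a bound parameter rather than inside the SQL text, which is the placeholder property the thread title is about. The schema, the users table and the sample value are constructed for the demo; it assumes DBIx::Class, DBIx::Class::QueryLog and DBD::SQLite are installed.

```perl
#!/usr/bin/env perl
# Added example (not from the thread): log the SQL that DBIx::Class emits
# and verify that a user-supplied value is passed as a bound parameter.
# The schema and table below are constructed for this demo.
use strict;
use warnings;

package My::Schema::Result::User;
use base 'DBIx::Class::Core';
__PACKAGE__->table('users');
__PACKAGE__->add_columns(qw(id name));
__PACKAGE__->set_primary_key('id');

package My::Schema;
use base 'DBIx::Class::Schema';
__PACKAGE__->register_class(User => 'My::Schema::Result::User');

package main;
use DBIx::Class::QueryLog;
use DBIx::Class::QueryLog::Analyzer;

my $schema = My::Schema->connect('dbi:SQLite:dbname=:memory:');
$schema->storage->dbh->do(
    'CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

# Route the storage's debug output into a QueryLog object instead of STDERR.
my $ql = DBIx::Class::QueryLog->new;
$schema->storage->debugobj($ql);
$schema->storage->debug(1);

# A quote-laden value constructed for the demo: it must show up in the
# parameter list, never spliced into the SQL string itself.
my $name = "o'neil' OR '1'='1";
$schema->resultset('User')->create({ id => 1, name => $name });
my @rows = $schema->resultset('User')->search({ name => $name })->all;

# Walk the logged queries: SQL text on one side, bound values on the other.
my $analyzer = DBIx::Class::QueryLog::Analyzer->new({ querylog => $ql });
for my $q (@{ $analyzer->get_sorted_queries }) {
    printf "SQL:    %s\nPARAMS: %s\n\n", $q->sql, join(', ', @{ $q->params });
    die "value was interpolated into the SQL text\n"
        if index($q->sql, $name) >= 0;
}
printf "%d row(s) matched; %d queries logged\n", scalar @rows, $ql->count;
```

Every logged statement should contain only `?` placeholders, with the constructed name listed under PARAMS; the search should match exactly one row, since the value is compared literally rather than interpreted as SQL.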
