Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"
 
PerlMonks  

Re: Use Placeholders. For SECURITY and (sometimes) for PERFORMANCE

by hardburn (Abbot)
on Nov 14, 2003 at 21:12 UTC ( [id://307215]=note: print w/replies, xml ) Need Help??


in reply to Use Placeholders. For SECURITY and (sometimes) for PERFORMANCE

Don't forget about prepare_cached(). This can really help under mod_perl.

This code will do little more than suck up more memory:

for my $val(@values) { $val = $dbh->quote($val); my $sth = $dbh->prepare_cached( "UPDATE foo SET bar=7 WHERE baz=$val" ); $sth->execute(); }

This code takes up a little more memory, but also avoids having to re-prepare what is really the same statement with different input:

for my $val(@values) { my $sth = $dbh->prepare_cached( "UPDATE foo SET bar=7 WHERE baz=?" ); $sth->execute($val); }

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

: () { :|:& };:

Note: All code is untested, unless otherwise stated

Replies are listed 'Best First'.
Re: Re: Use Placeholders. For SECURITY and (sometimes) for PERFORMANCE
by mpeppler (Vicar) on Nov 14, 2003 at 22:38 UTC
    Errm... if I may - that's not a very good example of using prepare_cached(): just moving the prepare() out from the for loop and using placeholders would have worked fine (and yes, I'm fairly sure that you know this - just pointing this out for others reading this thread).

    prepare_cached() is really for the situation where you are likely to call a particular query more than once, possibly from different parts of your program, but not sequentially. In that situation DBI and the RDBMS will keep a copy of the query (and its query plan) on hand and re-use it when it is requested. You should keep in mind when using it that prepare_cached() will consume resources on the database server, because it will keep all of the queries that each client requests on hand/in cache until the clients disconnect. In some cases these query plans can be shared between clients (i.e. two different clients executing the same query), but not always (in particular I don't think that Sybase and/or MS-SQL will share query plans for prepared queries that use placeholders).

    These are all items that need to be kept in mind - as with most things that pertain to database tuning/optimization the advisability of using a particular solution "depends" on the local circumstances.

    Michael

      that's not a very good example of using prepare_cached(): . . .

      That's why I mentioned mod_perl, which, when combined with Apache::DBI, will allow you to keep prepare_cached() statements around until Apache is shut down.

      ----
      I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
      -- Schemer

      : () { :|:& };:

      Note: All code is untested, unless otherwise stated

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://307215]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others contemplating the Monastery: (6)
As of 2024-09-20 15:03 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    The PerlMonks site front end has:





    Results (26 votes). Check out past polls.

    Notices?
    erzuuli‥ 🛈The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.