Article Preview
COLUMN
SQL Prepared Statements
Exploring a sweet new feature
Issue: 9.2 (January/February 2011)
Author Bio: Paul Lefebvre has been using REAL Studio for 9 years. His company, LogicalVue Software, specializes in creating database applications using REAL Studio. Paul also runs the RBDevZone community site and is a founding member of the Association of REALbasic Professionals.
Article Length (in bytes): 4,591
Starting Page Number: 78
Article Number: 9212
Excerpt of article text...
REAL Studio 2010 Release 4.1 added a great new feature: SQL Prepared Statements (also known as parameter binding). With this new feature you no longer have to create your entire SQL statement using string concatenation! This has two major benefits: Performance and Security.
Performance
Before an SQL statement can be run, the DB engine has to parse it. Depending on the complexity of the statement, this could add a noticeable performance hit, particularly if the SQL is used repeatedly.
But when you use the prepared statement feature, your SQL is parsed just once by the database engine. The results of the parsed statement are saved so that subsequent SELECTs can be run immediately without any parsing.
Security
Have you ever heard of SQL Injection Attacks? Although not really a concern with desktop applications, SQL Injections are a serious concern with web applications. And now that REAL Studio Web Edition is available, this is something we all need to understand.
...End of Excerpt. Please purchase the magazine to read the full article.
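To make the contrast between string concatenation and parameter binding concrete, here is an added example. It is not code from the article and it does not use REAL Studio's API. It uses Python's standard sqlite3 module with a constructed in-memory table, and the table, column and function names are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)",
        [("Alice", "alice@example.com"),
         ("Bob", "bob@example.com"),
         ("O'Brien", "obrien@example.com")],
    )
    return db

def find_concatenated(db, name):
    # Weak form: the input becomes part of the SQL text the engine parses,
    # so every distinct input is a new statement with its own structure.
    sql = "SELECT email FROM customers WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_bound(db, name):
    # Prepared form: the SQL text is fixed and the input is bound as a value.
    # The engine never parses the input, and the same text serves every call.
    sql = "SELECT email FROM customers WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def demo():
    db = make_db()
    results = {}
    # Constructed input whose quote characters change the WHERE clause
    # when it is concatenated into the statement.
    crafted = "nobody' OR '1'='1"
    results["concat_crafted"] = find_concatenated(db, crafted)
    results["bound_crafted"] = find_bound(db, crafted)
    # A legitimate name containing an apostrophe breaks the concatenated form.
    try:
        results["concat_apostrophe"] = find_concatenated(db, "O'Brien")
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "error"
    results["bound_apostrophe"] = find_bound(db, "O'Brien")
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With concatenation the crafted input returns every row and the apostrophe in a real name raises a syntax error; with binding the first matches nothing and the second matches exactly one customer.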