Posted to dev@ibatis.apache.org by "Hugo Hallman (JIRA)" <ib...@incubator.apache.org> on 2005/09/24 08:50:28 UTC

[jira] Commented: (IBATISNET-18) Improve execution of SqlCommand text

    [ http://issues.apache.org/jira/browse/IBATISNET-18?page=comments#action_12330357 ] 

Hugo Hallman commented on IBATISNET-18:
---------------------------------------

Including the parameter values in the command string is very dangerous considering "sql-injection", and it also slows performance, since changing the command string makes the SQL server's command string cache useless, forcing the server to compile and optimize new commands on every query.

> Improve execution of SqlCommand text
> ------------------------------------
>
>          Key: IBATISNET-18
>          URL: http://issues.apache.org/jira/browse/IBATISNET-18
>      Project: iBatis for .NET
>         Type: Improvement
>  Environment: Data Mapper
>     Reporter: Gilles Bayon
>     Priority: Minor

>
> Idea from Alexey Boroday
> Hello
>  I see that SqlCommand executes commands with parameters with sp_execsql.
>  But it is too slow.
>  My proposition is to parse CommandText and replace parameter names with parameter values inside CommandText, e.g.
>  Let's say we have the command
> delete from Table1 where id = @id
>  so this command will be passed to the server as
> exec sp_executesql N'delete from Table1 where id =  @P1 ', N'@P1 nvarchar(2)', N'5'
>  This command's performance doesn't differ much from the plain text command.
> But for a complex select query, performance is much slower. The same query without parameters works faster.
>  I'd like to propose that iBATIS (somewhere, I still can't find where) parse the command text and replace params with their values in the CommandText.
> After that, a query like this will be posted to the server:
> delete from Table1 where id = 5
>  May I try to implement such behaviour as an option?
> Happy New Year.
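
The two objections raised in the comment, as an added example that is not part of the original thread or of iBATIS: it runs the same inputs through an inlined and a bound version of the `delete` from the issue and reports rows deleted and distinct command texts sent. Python's `sqlite3` stands in for SQL Server and ADO.NET (an assumption), and the helper names and sample values are constructed.

```python
import sqlite3

def make_db():
    """Constructed sample table, named after Table1 in the issue."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Table1 (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO Table1 VALUES (?, ?)",
                   [(i, "row%d" % i) for i in range(1, 6)])
    return db

def delete_inlined(db, id_value, seen_texts):
    """The proposal: paste the parameter value into the command text."""
    sql = "delete from Table1 where id = %s" % id_value
    seen_texts.add(sql)
    return db.execute(sql).rowcount

def delete_bound(db, id_value, seen_texts):
    """Bound parameter: constant command text, value sent separately as a string."""
    sql = "delete from Table1 where id = ?"
    seen_texts.add(sql)
    return db.execute(sql, (id_value,)).rowcount

def compare(values):
    """Return {form: (rows deleted, distinct command texts)} for both forms."""
    results = {}
    for name, fn in (("inlined", delete_inlined), ("bound", delete_bound)):
        db, texts, deleted = make_db(), set(), 0
        for value in values:
            deleted += fn(db, value, texts)
        results[name] = (deleted, len(texts))
    return results

# Constructed inputs: two ordinary ids and one value that carries SQL syntax.
SAMPLE_VALUES = ["5", "4", "3 or 1=1"]

if __name__ == "__main__":
    for name, (deleted, texts) in compare(SAMPLE_VALUES).items():
        print("%-8s rows deleted=%d  distinct command texts=%d"
              % (name, deleted, texts))
```

With the inlined form the third value becomes part of the statement and empties the five-row table, and every call produces a new command text for the server to compile; the bound form treats it as a value that matches no row and reuses one text.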
