You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ibatis.apache.org by "Hugo Hallman (JIRA)" <ib...@incubator.apache.org> on 2005/09/24 08:50:28 UTC
[jira] Commented: (IBATISNET-18) Improve execution of SqlCommand text
[ http://issues.apache.org/jira/browse/IBATISNET-18?page=comments#action_12330357 ]
Hugo Hallman commented on IBATISNET-18:
---------------------------------------
Including the parameters values in the command string is very dangerous considering "sql-injection" and it also slows performance, since changing the command string makes the sql server's command string cache useless, forcing the server to compile and optimize new commands on every query.
> Improve execution of SqlCommand text
> ------------------------------------
>
> Key: IBATISNET-18
> URL: http://issues.apache.org/jira/browse/IBATISNET-18
> Project: iBatis for .NET
> Type: Improvement
> Environment: Data Mapper
> Reporter: Gilles Bayon
> Priority: Minor
>
> Idea from Alexey Boroday
> Hello
> I see that SqlCommand executes commands with parameters with sp_execsql.
> But it is too slow.
> My proposition is parse CommandText and replace parameter names with parameter values inside CommandText e.g.
> Lets say we have command
> delete from Table1 where id = @id
> so this cammand will be passed to the server as
> exec sp_executesql N'delete from Table1 where id = @P1 ', N'@P1 nvarchar(2)', N'5'
> This command performance isn't very differs from the plain text command.
> But for complex select query performance very much slow. The same query without parameters works faster.
> I'd like to propose inside iBATIS (somewhere, I cann't still find where) parse command text and replace params via their values in the CommandText.
> After that into the server will be posted query like this:
> delete from Table1 where id = 5
> May I try to implement such behaviour as an option?
> Happy New Year.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira