This is awesome, guys. Clear and helpful. Thanks a ton. And Sean, I actually already know how with-query-results worked...from studying the example on your blog.
Thanks again!

---Daniel

On Nov 10, 11:07 am, Saul Hazledine <shaz...@gmail.com> wrote:
> On Nov 10, 6:35 pm, Daniel Bell <dchristianb...@gmail.com> wrote:
> > I'm a newb to both SQL and Clojure, and after reading this post
> > (http://groups.google.com/group/clojure/browse_thread/thread/718fa1b72... )
> > I was curious as to exactly what it means to parameterize a query. Is it
> > a way to automatically insert arguments into the query, a way to
> > destructure the results, or what?
>
> A normal query:
>
> select name from employee where department = 'xfiles'
>
> A parameterised query (prepared statement) which can be called later
> with the parameter "xfiles":
>
> select name from employee where department = ?
>
> Most databases support prepared statements which can be parsed once
> and then called multiple times for improved performance. The setup
> though has some overhead and you will occasionally hear people saying
> that parameterised queries are overrated. However, with JDBC, prepared
> statements have the advantage that the parameters, ?, are protected
> from SQL injection attacks:
>
> http://www.owasp.org/index.php/Preventing_SQL_Injection_in_Java
>
> I'd recommend that you use prepared statements where possible - all
> the clojure database libraries support them and clojure.contrib.sql
> creates them behind the scenes when you do things such as insert
> records.
>
> Saul
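An added, runnable illustration of the point Saul makes above (not code from the thread or from clojure.contrib.sql). It is written in Python against the standard-library sqlite3 module rather than in Clojure, because sqlite3 uses the same `?` positional placeholders as a JDBC PreparedStatement, so the query text is identical to Saul's example. The employee rows, the department names and the injection string are constructed for the demo. The unsafe function is deliberately vulnerable: it splices the caller's value into the SQL text, so a value like `xfiles' OR '1'='1` rewrites the WHERE clause and returns every row. The parameterised version hands the same value to the driver as data, so it is compared literally and matches nothing.

```python
import sqlite3

# Constructed sample data for the demo; not from the original thread.
EMPLOYEES = [
    ("Mulder", "xfiles"),
    ("Scully", "xfiles"),
    ("Skinner", "admin"),
    ("Krycek", "blackops"),
]

# A typical injection payload: closes the quoted literal and appends an
# always-true condition. Constructed for the demo.
INJECTION = "xfiles' OR '1'='1"


def make_db():
    """Build an in-memory database with the sample employee table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (name TEXT, department TEXT)")
    # Inserting through placeholders: the statement is prepared once and
    # executed once per row, which is what clojure.contrib.sql does for
    # insert-records behind the scenes.
    conn.executemany(
        "INSERT INTO employee (name, department) VALUES (?, ?)", EMPLOYEES
    )
    return conn


def names_by_department_unsafe(conn, department):
    """DELIBERATELY VULNERABLE: the value becomes part of the SQL text."""
    sql = "SELECT name FROM employee WHERE department = '" + department + "'"
    return [row[0] for row in conn.execute(sql)]


def names_by_department(conn, department):
    """Parameterised (prepared-statement) form of the same query.

    The ? is a bind marker; the driver sends the value separately from the
    statement, so quotes inside the value are never parsed as SQL.
    """
    sql = "SELECT name FROM employee WHERE department = ?"
    return [row[0] for row in conn.execute(sql, (department,))]


def names_in_departments(conn, departments):
    """Caveat: placeholders bind single values, not SQL structure.

    For a variable-length IN (...) list you still generate the SQL shape
    yourself, one ? per value, and bind the values as a tuple. Identifiers
    (table or column names) cannot be bound at all and must come from an
    allow-list.
    """
    if not departments:
        return []
    placeholders = ", ".join("?" for _ in departments)
    sql = f"SELECT name FROM employee WHERE department IN ({placeholders})"
    return [row[0] for row in conn.execute(sql, tuple(departments))]


def demo():
    """Run both variants with a normal value and with the injection payload."""
    conn = make_db()
    return {
        "unsafe_normal": names_by_department_unsafe(conn, "xfiles"),
        "unsafe_injected": names_by_department_unsafe(conn, INJECTION),
        "safe_normal": names_by_department(conn, "xfiles"),
        "safe_injected": names_by_department(conn, INJECTION),
    }


if __name__ == "__main__":
    for label, names in demo().items():
        print(f"{label:16} -> {names}")
```

With the normal value both functions return the two xfiles employees. With the payload, the unsafe query becomes `... WHERE department = 'xfiles' OR '1'='1'` and returns all four rows, while the parameterised query returns nothing because no department is literally named `xfiles' OR '1'='1`. The `names_in_departments` helper shows the one place where you still build SQL text yourself: the number of placeholders, never the values.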