On 2013-11-13 00:48, Gavin Lambert wrote:
On 13/11/2013 02:17, Quoth Roland Bock:
Thanks for the input. Prepared queries are in fact not supported. I'll read up on them and report back.
In SQL Server, queries are automatically "prepared" as long as you execute the same SQL statement as previously (so the only variations are in the parameter values). That would be perfect, of course.
Provided that you do value insertion via actual parameters (either named or positional, depending on the target SQL dialect) and not via directly inserting constants into the SQL query itself, it should be fairly straightforward to extend to a dialect that requires explicit preparing; you'd just need to provide a syntax that allows you to cache a query object in a variable and then execute it multiple times with different actual values. (Using parameters is also preferred over direct insertion because it lessens the risk of script injection.)
That should be relatively easy to do (and if you encapsulate the query generation in a parametrized function it is already there). Thanks and regards, Roland