launchpad-dev team mailing list archive

Performance question

 

Hi

In keeping with the theme of Performance Tuesday, I thought I'd ask a
question about a particular implementation aspect since it potentially
relates to performance.

My question is: we don't appear to be using SQL prepared statements when
accessing the database; why is this? Given the amount of SQL being
executed, there's potentially a significant performance gain to be had,
not to mention the reduced potential for SQL injection type attacks on
the system. Having come from an Oracle background, using prepared
statements is a no-brainer for me. Perhaps there's a Python/Postgres
issue I'm not aware of?

Thanks for any insight.


