[Zope-DB] [Zope] Stored Procedures Versus ZSQL Methods

Remy Pinsonnault remypinsonnault at gmail.com
Wed Feb 18 13:54:47 EST 2009

Thanks for your help!

On Wed, Feb 18, 2009 at 3:53 AM, Charlie Clark <charlie at egenix.com> wrote:

> Am 18.02.2009, 00:58 Uhr, schrieb <JPenny at ykksnap-america.com>:
> > Using external methods will be more work for the zope writer.
> > I don't know enough to comment seriously on security issues,
> > but I think that using procedures, like using bind variables, will
> > make  SQL Injection much harder.
> The mxODBC Zope DA makes the execute() method available to connection
> object instances which allows for parameter binding and the next release
> will make this available for PythonScripts. Rather than use ExternalMethods,
> however, I'd suggest that you use Views instead which make tying everything
> together a lot easier.
> Regarding performance: the comparisons we did a few years ago suggested
> that parameter binding is around 40% faster for non-cached access from Zope
> as Zope does quite a lot of work to turn ZSQL methods into usable queries.
> If the caching works for you then you will have pretty good performance
> because Zope will only actually run the query for something that isn't in
> the cache. Stored procedures can offer a performance improvement if you plan
> to manipulate the data in any way, ie. if you want to get data out of
> several views and do something with it before you pass it to the browser.
> But most importantly - in the Zope world the RDBMS is unlikely ever to be
> your bottleneck.
> Charlie
> --
> Charlie Clark
> eGenix.com
> Professional Python Services directly from the Source
> >>> Python/Zope Consulting and Support ...        http://www.egenix.com/
> >>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
> >>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
> ________________________________________________________________________
> ::: Try our new mxODBC.Connect Python Database Interface for free ! ::::
>   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
>    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
>           Registered at Amtsgericht Duesseldorf: HRB 46611
>               http://www.egenix.com/company/contact/
> _______________________________________________
> Zope-DB mailing list
> Zope-DB at zope.org
> http://mail.zope.org/mailman/listinfo/zope-db
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope-db/attachments/20090218/300f4972/attachment.html 

More information about the Zope-DB mailing list