
All times are UTC - 5 hours [ DST ]



 Post subject: Paranoid with performance (session.find)
PostPosted: Tue Jan 27, 2004 5:48 am 
Pro

Joined: Wed Oct 08, 2003 10:31 am
Posts: 247
I would like to know please which one's faster:

Method 1
Code:
List res = session.find("from pt.Xpto as x where x.ref = '" + ref + "'");


Method 2
Code:
List res = session.find("from pt.Xpto as x where x.ref = ?",
                                ref,
                                Hibernate.STRING);


Do they produce the same SQL code?

Thanks in advance.


 Post subject:
PostPosted: Tue Jan 27, 2004 6:03 am 
Expert

Joined: Fri Nov 07, 2003 4:24 am
Posts: 315
Location: Cape Town, South Africa
The one using a parameter will produce a (prepared)statement which can be cached and used on subsequent executions of the method. This will probably improve performance in the long run, and is recommended.

Also - you don't need to escape the string for ominous characters if using the parameter based version.

My recommendation - 'always' use parameterised queries.

Justin


 Post subject:
PostPosted: Tue Jan 27, 2004 6:53 am 
Pro

Joined: Wed Oct 08, 2003 10:31 am
Posts: 247
drj wrote:
The one using a parameter will produce a (prepared)statement which can be cached and used on subsequent executions of the method. This will probably improve performance in the long run, and is recommended.

Also - you don't need to escape the string for ominous characters if using the parameter based version.

My recommendation - 'always' use parameterised queries.

Justin


Thanks for the reply.
Please explain the "need to escape the string for ominous characters if using the parameter..." part.


 Post subject:
PostPosted: Tue Jan 27, 2004 7:02 am 
Hibernate Team

Joined: Mon Aug 25, 2003 9:11 pm
Posts: 4592
Location: Switzerland
SQL Injection.

http://www.sitepoint.com/article/794

_________________
JAVA PERSISTENCE WITH HIBERNATE
http://jpwh.org
Get the book, training, and consulting for your Hibernate team.
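
Added example, not part of the original thread and not Hibernate code: the two query styles from the first post, reproduced with Python's built-in sqlite3 instead of Hibernate so that it runs stand-alone. The xpto table, its rows and the sample ref values are constructed for illustration; it shows how many distinct SQL texts each method produces and what happens when ref contains a quote character.

```python
import sqlite3

# Constructed sample inputs: two plain values, one legitimate value that
# contains a quote, and one value shaped to alter the WHERE clause.
SAMPLE_REFS = ["A-100", "B-200", "O'Neil", "x' OR '1'='1"]

def make_db():
    # Constructed table standing in for the mapped pt.Xpto class.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE xpto (id INTEGER PRIMARY KEY, ref TEXT)")
    conn.executemany("INSERT INTO xpto (ref) VALUES (?)",
                     [("A-100",), ("B-200",), ("O'Neil",)])
    return conn

def run(conn, sql, params=()):
    # Return the sorted matching refs, or a marker naming the database error.
    try:
        return sorted(r[0] for r in conn.execute(sql, params))
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__

def compare(refs):
    """Run both methods for each ref; return distinct SQL texts and results."""
    conn = make_db()
    texts = {"concat": set(), "param": set()}
    results = {}
    for ref in refs:
        # Method 1: the value becomes part of the SQL text itself.
        c_sql = "SELECT ref FROM xpto WHERE ref = '" + ref + "'"
        # Method 2: the SQL text is constant and the value is bound separately.
        p_sql = "SELECT ref FROM xpto WHERE ref = ?"
        texts["concat"].add(c_sql)
        texts["param"].add(p_sql)
        results[ref] = {"concat": run(conn, c_sql),
                        "param": run(conn, p_sql, (ref,))}
    return texts, results

if __name__ == "__main__":
    texts, results = compare(SAMPLE_REFS)
    # One statement text can be prepared once and reused; four cannot.
    print("distinct SQL texts:", {k: len(v) for k, v in texts.items()})
    for ref, row in results.items():
        print(repr(ref), "->", row)
```
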


 Post subject:
PostPosted: Tue Jan 27, 2004 7:11 am 
Pro

Joined: Wed Oct 08, 2003 10:31 am
Posts: 247
christian wrote:


Thanks all for the advice.

