allow execution of queries without prepared statements #29
Conversation
5 similar comments
3 similar comments
|
@baztian, could you have a look over this and see if it's better suited than the other approach? Ta! |
|
Thanks again for you pull request. I was proposing to change the |
|
There's an overhead in first preparing, then executing the query, both client-side and database-side. It's not big, but if you're firing off a lot of queries, it can have a cost, so I think being able to choose on a query-by-query basis whether you'll use prepared statements or not might be beneficial? I ran a few simple tests using jaydebeapi and a local hsql database, and prepared statements were consistently 5% slower than direct queries. So, personally, I'd prefer to choose the more appropriate option on a query-by-query basis. |
|
Thanks for the clarification. I think it depends on the database and on the type of query you run and how often you run it. So your solution to have a choice at statement execution time seems to be good. Anyways it is not db-api standard. |
|
There is no support (and no fallback or warning) if parameters have been supplied. |
|
If you are using a library like Pandas to run SQL queries, it would be nice to be able to change this option on the |
|
I had just opened another PR similar to this (it simply used a regular statement when no parameters are given), but I closed it and figured I'd just add to the discussion here. Not all database drivers give the option to disable server-side prepared statements, and we've run into specific issues with Vertica when using some of their internal "procedures" within a prepared statement (Vertica doesn't have stored procedures. What you would normally do as one is instead implemented as a function with a side effect. Gross.) |
|
I should also note that besides adding a level of protection against SQL injection, prepared statements are often used for performance purposes when the same query is being executed multiple times with different parameters (executemany() does this). But with JDBC, that requires that the original PreparedStatement object be used, which isn't possible in execute() due to how the Cursor closes and recreates the statement every time. You could achieve this by using a dictionary to hold the prepared statements, with the SQL acting as the key. This is really a completely separate topic though, but my point is that there is absolutely no reason, with the way that the Cursor currently implements execute(), to use a prepared statement there at all if there are no parameters being passed. executemany() is a different story, but you wouldn't likely be using that without parameters. |
|
I have the exact same setup as @fmcmac with Drill. Is there a working solution with a parameter like |
|
Has there been any update on this Pull request? I'm also using the same Drill setup and you like to be able to run queries besides select statements |
|
It's been over 2 years since the last request for an update on this PR. Can this update either be applied, or at least add a comment with the reason why it will not be merged in? |
|
@baztian We also run into this issue when PREPARE isn't needed. I think either passing this flag via the |
Execute queries as prepared statements by default, but allow the option of executing them as standard statements.