[thelist] Dynamic vs. static SQL in large search screens

Joshua Olson joshua at waetech.com
Mon Apr 19 09:57:03 CDT 2004


> -----Original Message-----
> From: John.Brooking at sappi.com
> Sent: Monday, April 19, 2004 10:27 AM
>
>       1. Is using a dynamic SQL statement in this scenario a
> standard thing to do, or is there a better way?

First off, great question.

Dynamic SQL is not really a terrible thing.  It adds overhead, but one or
two dynamic queries on a page (not within a loop, naturally) isn't going to
be "that bad" when you consider the maintenance required to implement
anything else.

>       2. If so, where is the best place to put the logic to build the SQL
> statement?

I generally prefer to build the conditional in the middle-ware, or
presentation layer as you call it.  This is not "bad" per se, but it means
that the table structure must be known by the middle-ware and can
conceivably open your code up to exploits, such as SQL injection.  Just be a
bit careful to screen the passed conditional, and ensure that adequate
processes exist to make sure the database doesn't change without modifying
the front-end, and you'll be okay.

<><><><><><><><><><>
Joshua Olson
Web Application Engineer
WAE Tech Inc.
http://www.waetech.com/service_areas/
706.210.0168
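
The following is an added example, not part of the original message or the poster's code. It shows one way to "screen the passed conditional" for a multi-field search screen: column names and operators come only from a fixed allowlist, and user values travel as bound parameters. The table, column and field names are hypothetical, and SQLite is assumed only so the example runs offline.

```python
import sqlite3

# Hypothetical search-screen fields mapped to (column, operator). Only names
# listed here can reach the SQL text; user input never supplies identifiers.
SEARCHABLE = {
    "last_name": ("last_name", "LIKE"),
    "city": ("city", "="),
    "min_balance": ("balance", ">="),
}

def build_search(filters):
    """Return (sql, params) covering only the filled-in fields of the form."""
    clauses, params = [], []
    for field, value in filters.items():
        if value is None or value == "":
            continue  # blank form field: contributes no condition
        if field not in SEARCHABLE:
            raise ValueError(f"unsupported search field: {field!r}")
        column, op = SEARCHABLE[field]
        clauses.append(f"{column} {op} ?")  # value stays a bound parameter
        params.append(value)
    sql = "SELECT id, last_name, city, balance FROM customers"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return sql + " ORDER BY id", params

def demo_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, "
               "last_name TEXT, city TEXT, balance REAL)")
    db.executemany(
        "INSERT INTO customers (last_name, city, balance) VALUES (?, ?, ?)",
        [("Adams", "Augusta", 120.0), ("O'Brien", "Portland", 40.0),
         ("Baker", "Augusta", 5.0)])
    return db

def search(db, filters):
    sql, params = build_search(filters)
    return db.execute(sql, params).fetchall()

if __name__ == "__main__":
    db = demo_db()
    print(build_search({"city": "Augusta", "min_balance": 100, "last_name": ""}))
    # A quote inside a value is matched as data, never parsed as SQL.
    print(search(db, {"last_name": "O'Brien"}))
```

Keeping the allowlist next to the query builder also addresses the schema-drift concern: a renamed column is changed in one place in the middleware rather than in scattered string concatenations.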



