Re: "Best Practices" for Application SQL coding

  • From: "Gints Plivna" <gints.plivna@xxxxxxxxx>
  • To: sacrophyte@xxxxxxxxx
  • Date: Thu, 30 Oct 2008 16:53:03 +0200

If you read the entire thread (yes a loooong read) then you'd find
many approaches and most of them bad :)
We are actually using either contexts or somtehing similar to approach
proposed by Darko (without dreaded % in the front of predicates of
course! search in this thread for it).
The main idea is to keep binds, do not allow sql injection
possibilities and also keep different plans for different search
combinations. At least I personally don't know other techniques than
either using contexts or something similar as Darko proposed. Or of
course listing all possible combinations in your code :D

Gints Plivna

2008/10/30 Charles Schultz <sacrophyte@xxxxxxxxx>:
> Awesome, thanks!
> Given that Tom submitted that in 2001 under 8i, are people still using that
> method? Is this a rather current approach to this particular problem?

Other related posts: