In the Rails 3 timeframe, I would like Rails to...

add prepared statement support to ActiveRecord

In cases where bulk update type operations and/or repetitive queries are required, allowing for SQL statements to be prepared and then have variables bound to them can improve performance significantly.

145 votes
weyus shared this idea

    2 comments

      • toddwf commented

        This is both a performance and a security issue... and imho, an issue that would bring better acceptance of Rails as an enterprise-class framework. Prepared statements are the designated way for databases to avoid SQL injection.

      • uzytkownik commented

        I'm not sure, but maybe in production mode they should be cached (i.e. find_all_by_id internally would create a prepared statement on the first run and then use it)?
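
What the idea and the comments above describe, seen at the database level, as an added example that is not part of the original thread. It assumes a PostgreSQL session (the thread names no database); the `accounts` table, its rows, and the statement names `credit` and `by_owner` are constructed for illustration.

```sql
-- Constructed schema and sample rows.
CREATE TABLE accounts (
    id      integer PRIMARY KEY,
    owner   text    NOT NULL,
    balance numeric NOT NULL
);
INSERT INTO accounts (id, owner, balance)
VALUES (1, 'alice', 100), (2, 'bob', 50), (3, 'carol', 75);

-- BEFORE: the application pastes the value into the SQL text.
-- Every call is a new statement for the server to parse and plan, and a
-- value such as  x' OR '1'='1  ends the string literal early, so the server
-- receives the query below, whose WHERE clause is true for every row.
SELECT count(*) FROM accounts WHERE owner = 'x' OR '1'='1';

-- AFTER, bulk update: the statement is parsed once; only the bound
-- values ($1, $2) change between executions.
PREPARE credit (numeric, integer) AS
    UPDATE accounts SET balance = balance + $1 WHERE id = $2;

EXECUTE credit(10, 1);
EXECUTE credit(10, 2);
EXECUTE credit(10, 3);

-- AFTER, lookup: the same hostile value is bound to $1 and compared as a
-- plain string. It cannot add an OR clause because the statement's
-- structure was fixed at PREPARE time. (A client driver sends the value
-- separately from the SQL text; the quoted literal here stands in for it.)
PREPARE by_owner (text) AS
    SELECT count(*) FROM accounts WHERE owner = $1;

EXECUTE by_owner('x'' OR ''1''=''1');
EXECUTE by_owner('alice');

-- Prepared statements live for the session. A cache of them, as the
-- second comment suggests, is keyed per connection and released like this.
DEALLOCATE credit;
DEALLOCATE by_owner;
```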
