hazaar/framework
1
0
Fork 0
Code Issues 14 Pull requests 1 Projects Releases Packages 1 Wiki Activity Actions

Feature: Prepared statements #329

New issue
Closed
opened 2025-03-17 23:52:48 +00:00 by jamie · 4 comments
jamie commented 2025-03-17 23:52:48 +00:00 (Migrated from git.hazaar.io)
Copy link

Problem Statement

Hazaar now uses prepared statements for all database queries executed through the QueryBuilder. However, these prepared statements are currently only used internally within the DBI PDO driver class for SQL injection protection via parameter binding. There is no way for developers to retrieve and reuse prepared statements when executing multiple queries, such as batch updates or repeated selects. This results in redundant query preparation, which impacts performance and efficiency.

Who will benefit?

  • Developers executing multiple queries of the same structure.
  • Applications that require high-performance database operations with reduced overhead.
  • Any use case where repeated queries with different parameters are necessary.

Benefits and risks

Benefits

  • Reduces the overhead of preparing the same SQL query multiple times.
  • Improves execution speed by reusing prepared statements.
  • Enhances database efficiency, especially for batch operations.

Risks

  • Exposing prepared statements directly may introduce misuse if not properly managed.
  • Additional complexity in managing statement lifecycle and bindings.

Proposed solution

Introduce a mechanism to retrieve and reuse prepared statements in the DBI component:

  • Modify the QueryBuilder to allow retrieval of a prepared statement before execution.
  • Provide an interface for executing a prepared statement with new parameters.
  • Ensure proper resource management and statement cleanup to prevent memory leaks.

Priority/Severity

  • High (This will bring a huge increase in performance/productivity/usability/legislative cover)
  • Medium (This will bring a good increase in performance/productivity/usability)
  • Low (anything else e.g., trivial, minor improvements)
## Problem Statement Hazaar now uses prepared statements for all database queries executed through the QueryBuilder. However, these prepared statements are currently only used internally within the DBI PDO driver class for SQL injection protection via parameter binding. There is no way for developers to retrieve and reuse prepared statements when executing multiple queries, such as batch updates or repeated selects. This results in redundant query preparation, which impacts performance and efficiency. ## Who will benefit? - Developers executing multiple queries of the same structure. - Applications that require high-performance database operations with reduced overhead. - Any use case where repeated queries with different parameters are necessary. ## Benefits and risks ### Benefits - Reduces the overhead of preparing the same SQL query multiple times. - Improves execution speed by reusing prepared statements. - Enhances database efficiency, especially for batch operations. ### Risks - Exposing prepared statements directly may introduce misuse if not properly managed. - Additional complexity in managing statement lifecycle and bindings. ## Proposed solution Introduce a mechanism to retrieve and reuse prepared statements in the DBI component: - Modify the QueryBuilder to allow retrieval of a prepared statement before execution. - Provide an interface for executing a prepared statement with new parameters. - Ensure proper resource management and statement cleanup to prevent memory leaks. ## Priority/Severity - [x] High (This will bring a huge increase in performance/productivity/usability/legislative cover) - [ ] Medium (This will bring a good increase in performance/productivity/usability) - [ ] Low (anything else e.g., trivial, minor improvements)
jamie commented 2025-03-17 23:52:48 +00:00 (Migrated from git.hazaar.io)
Copy link

assigned to @jamie

assigned to @jamie
jamie commented 2025-03-17 23:52:55 +00:00 (Migrated from git.hazaar.io)
Copy link

created branch 329-feature-prepared-statements to address this issue

created branch [`329-feature-prepared-statements`](/hazaar/framework/-/compare/master...329-feature-prepared-statements) to address this issue
jamie commented 2025-03-17 23:53:01 +00:00 (Migrated from git.hazaar.io)
Copy link

mentioned in merge request !216

mentioned in merge request !216
jamie commented 2025-03-18 10:49:08 +00:00 (Migrated from git.hazaar.io)
Copy link

mentioned in commit c116dcd8f2

mentioned in commit c116dcd8f2fbbb9233d727c3a690bb55aa85717e
jamie (Migrated from git.hazaar.io) closed this issue 2025-03-18 10:49:08 +00:00
jamie self-assigned this 2025-09-04 01:13:36 +00:00
jamie removed their assignment 2025-09-04 01:13:44 +00:00
jamie self-assigned this 2025-09-04 01:13:48 +00:00
jamie removed their assignment 2025-09-04 01:13:54 +00:00
jamie self-assigned this 2025-09-04 01:14:00 +00:00
jamie removed their assignment 2025-09-04 01:14:06 +00:00
jamie self-assigned this 2025-09-04 01:14:21 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
586-gitlab-ci-migration
297-feature-router-security
develop
No results found.
Labels
Clear labels   
bug

   
confirmed

   
critical

   
discussion

   
documentation

   
Doing

   
enhancement

   
experiment

Experimental Feature

  
suggestion

   
support

   
Testing

   
To Do
No labels
bug
confirmed
critical
discussion
documentation
Doing
enhancement
experiment
suggestion
support
Testing
To Do
Milestone
Clear milestone
No items
No milestone
Release 1.0
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
jamie
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: hazaar/framework#329
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?