On Jun 4, 2008, at 22:47 PM, Nathan Day wrote:

> I am extremely new to Ruby; my company is in the process of
> evaluating it for a large new report system and administration
> system. One concern with Ruby is the use of bind variables. We need
> to use bind variables for performance concerns. I am sure I am
> getting different concepts mixed up. It seems the default SQL
> library with Ruby on Rails does not support bind variables. There
> does seem to be at least one other SQL library for SQL Sequel, which
> can perform parameterized queries. Is this true bind variables, or
> are they just turning into a string underneath for us? The fact that
> it is documented as protection against SQL injection seems to
> suggest it is a true bind variable.

AFAIK, all the database connection libraries support parameterized
queries if the underlying database supports it (MySQL, Postgres,
Oracle, etc.). Not every ORM mapper uses bind variables inside (like
ActiveRecord).
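
To make the distinction in this thread concrete, here is an added example (not part of the original emails, and not code from any Ruby library): a toy model in which the server caches one plan per distinct statement text, comparing client-side interpolation with values sent as separate binds. `ModelServer`, `interpolate`, the table name and the customer names are all hypothetical.

```ruby
# Toy model (not a real driver): the "server" caches one plan per distinct SQL text.
class ModelServer
  attr_reader :parses, :seen

  def initialize
    @plans = {}   # SQL text => parsed plan (stand-in)
    @parses = 0   # number of hard parses performed
    @seen = []    # every statement text that reached the server
  end

  # Binds travel beside the SQL text and are never parsed as SQL.
  def execute(sql, binds = [])
    @seen << sql
    @plans[sql] ||= begin
      @parses += 1
      :plan
    end
    binds
  end
end

# Client-side emulation: quote each value and splice it into the text.
def interpolate(sql, params)
  values = params.dup
  sql.gsub("?") do
    v = values.shift
    v.is_a?(Numeric) ? v.to_s : "'" + v.to_s.gsub("'", "''") + "'"
  end
end

SQL = "SELECT total FROM reports WHERE customer = ?"   # constructed sample
CUSTOMERS = ["acme", "o'brien", "globex"]              # constructed sample

def run_emulated(customers)
  server = ModelServer.new
  customers.each { |c| server.execute(interpolate(SQL, [c])) }
  server
end

def run_bound(customers)
  server = ModelServer.new
  customers.each { |c| server.execute(SQL, [c]) }
  server
end

emulated = run_emulated(CUSTOMERS)
bound = run_bound(CUSTOMERS)
puts "emulated: #{emulated.parses} parses, #{emulated.seen.uniq.size} distinct texts"
puts "bound:    #{bound.parses} parse,  #{bound.seen.uniq.size} distinct text"
```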