On Thursday 05 June 2008 00:47:13 Nathan Day wrote:
> One  
> concern with Ruby is the use  of bind variables, we need to use bind  
> variables for performance concerns, I am sure I am getting different  
> concepts mixed up.

Probably prepared statements is what would make the difference in performance.

> It seems the default SQL library with Ruby on Rails   
> does not support bind variables,

That would be the default ORM. ActiveRecord does not support bind variables at 
the SQL adapter level. It does support 

The individual SQL libraries, such as mysql, postgres, etc, do support bind 
variables. This won't help you much if you're using Rails in its entirety -- 
but if you really want to, you can always swap out ActiveRecord for something 
else, like DataMapper or Sequel. Of course, by then, you might consider using 
another framework altogether, like Merb.

Also: There have been some lively discussions about this in the Rails 
community. (ruby-talk is a Ruby discussion list, and contrary to popular 
opinion, Ruby is more than just Rails.)

> there does seem to be at least one   
> other SQL library for SQL Sequel, which can  perform parameterized  
> queries, is this true bind variables or are they just turning into a  
> string underneath for us, the fact that it is documented as to  
> protection against SQL injection. Seems to suggest it is true bind  
> variable.

I can't speak for Sequel, but ActiveRecord does support fake bind variables in 
a few places, to guard against SQL injection. Maybe someday it will do actual 
bind variables, but for now, it just turns it into a string under the hood.

> Another feature which is not critical but would be nice, I haven't  
> been able to find information about this for Sequel, but sqlite-ruby  
> has this though is of no use to use since we need to support oracle,  
> postsql initially and more latter on.

What feature is this?

And by the way, Google for information about optimizing Rails on Oracle. 
People have done tricks to make Oracle work reasonably well even without real 
bind variables.