CDbCommandBuilder.createInCondition() doesn't use sql parameter binding #2031

Closed
MonkeyMaster opened this Issue Jan 24, 2013 · 1 comment

Comments

2 participants

CDbCommandBuilder.createInCondition() puts column values directly in SQL statement instead of binding them. Since CActiveRecord.findByPk() calls it and is used very often, database server load is increased due to frequent query parsing for literal values.

Please apply param binding for that method.

Owner

samdark commented Mar 2, 2015

It's true for repeated queries with the same number of parameters but false otherwise.

samdark closed this Nov 17, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment