An SQL query that is defined at run-time from variable data. For example, in PHP:
<?php // Connect to a database named "mydb" $dbconn = pg_connect("dbname=mydb"); // Obtain a random number between 1 and 10. $rnum = rand(1, 10); // Create a dynamic SQL query. $qry = "INSERT INTO records(rnum) VALUES($rnum)"; // Execute the query. $result = pg_query($dbconn, $qry); ?>For comparison, see PreparedStatement.
(Topic title not to be confused with DynamicRelational)
Usage of PreparedStatements under the hood wouldn't change your classification it appears because one is talking about the query itself and not necessarily "strings". Thus, even if using a PS with a parameterized value (the random value) where the non-value portion of the SQL is a string literal, using a randomly generated value in the query would make the query "dynamic". You seem to be conflating "dynamic strings" and "dynamic queries" in the PS topics. I don't consider "query" to be excluding values: the query is the whole shebang: statements, values, etc. Strings are an implementation detail.
It's the querying that's dynamic, because the specific SQL text is being defined at run-time based on variable data. Think of it as software-generated ad-hoc(ish) SQL queries. PreparedStatements can be parameterised by passing arguments to parameters when they're executed, but a given PreparedStatement is static for at least the lifetime of the PreparedStatement, and usually the lifetime of the application.
But we are talking about a "query" in an abstract sense, not how the hardware processes queries. Conceptually such a query is "dynamic" because it could have contain value 7 during one run and a value of 4 during another. How the values/literals are processed under the hood is an implementation detail.
We could perhaps say that under typical PS usage, portions of queries are statically defined (don't change during run-time), but if some portions are static and some dynamic (values/literals, typically passed as parameters), then generally the entire query is considered "dynamic". Essentially, "static part + dynamic part = dynamic whole" in normal usage.
The key distinction, in comparison with PreparedStatements, is this: If you're not using PreparedStatements (i.e., you're using dynamic SQL), every time you wish to run a given query with a different value -- say a value of 7 in one run and a value of 4 during another -- you have to construct and send the whole query to the DBMS for execution. If you're using PreparedStatements, you send the query text -- including specified parameters -- to the DBMS only once for definition. Then you can run it as many times as needed, passing to the DBMS only a reference the pre-defined PreparedStatement and the parameter argument values.
From the application's perspective, it's still a "dynamic query". PS's are essentially caching parts, but that's an implementation detail, as caching typically is. Note that non-PS technology can also use caching or caching-like technology to avoid repeating certain steps also for queries that vary slightly.
You may consider a PreparedStatement to be a "dynamic query" in a loose sense, and PreparedStatements may -- also in a loose sense -- be "caching parts", but there is a fundamental difference between PreparedStatements and what is usually called dynamic SQL: Dynamic SQL -- call it non-PreparedStatements, if you feel more comfortable with that name -- is executed in a single step and has no means to define parameters. PreparedStatements are defined in one step with explicit parameters and executed in another with parameter arguments.
Sometimes one talks about a "pre-compiled query" for PS's, but that's PS-specific terminology. It's perhaps a shortcut for "pre-compiled query plan", but a query plan is not necessary the same as "query" in a colloquial or general sense. The "SQL" is still dynamic if literals can vary from the app's side. Counting the literals as separate from "query" or "SQL" is either wrong or not universal (English being vague as typically used).
The terminology I've used is conventional; that doesn't necessarily make it ideal, but it is what it is.
Ditto with mine. English sucks. In practice people tend to use terms relative to their concern(s) of the moment. Something would be "dynamic" relative to some point of view they are analyzing. Often one has to ask further questions to understand their intended meaning and perspective. Everything on Earth is ultimately dynamic, a meteor or nearby supernova explosion can make any source code or disk "dynamic" by turning it into fine powder or plasma. It's only "static" relative to some stated event or period. If something is dynamic or static in the low-level guts of an RDBMS, it may not matter to an application developer: it's not something they can directly "see" such that calling their in-app SQL snippets "static" or "dynamic" based on what the low-level guts do is not very useful in practice and may even be misleading.
Be that as it may, the terms "prepared statement" and "dynamic SQL" have specific conventional meanings -- especially in relation to each other -- that are recognised by application developers. Calling (say) a typical prepared statement "dynamic SQL" is potentially misleading. It's certainly needlessly confusing.
I'm not aware of that verbal association, but have not taken any formal surveys.
Not sure I follow -- you mean you've not heard of a PreparedStatement being described as "dynamic SQL", or you have?
I don't remember ever hearing "dynamic SQL" used to describe SQL that is not associated with PS's. In other words, I've never heard it used as an alternative/contrast to "prepared statements". Typically something like "direct SQL" would be used to describe SQL passed to the database that doesn't go through PS's. Although, I will admit I never paid close attention. Your usage just "rings wrong".
Google "dynamic SQL" to find about 734,000 results that appear to accord with my usage.
Okay, I won't challenge that observation of google results. But the fact remains that there is no universal term for SQL that is not processed through PS mechanisms. Nobody has established that "Dynamic Sql" is the hands-down favorite; and per above, strongly leans toward meaning software-generated SQL (which is orthogonal to PS usage).
If it helps, whenever you see one of us use the term "DynamicSql", whisper "SQL that's not PreparedStatements" to yourself.
I'd rather not use an overloaded term. What about we use "STNPS" as a local working term to avoid general confusion.
Please, let's not construct PrivateLanguage merely because you don't like conventional terminology. The reason this page exists is to disambiguate PreparedStatements from Dyn- Sorry. From what this is page is about.
Well, it's not working. "Dynamic" is ultimately a relative term and generally is used from a specific and/or situational perspective or scope.
It's not working for you, perhaps. I don't see your particular difficulties appearing elsewhere. Notably, the differences between PreparedStatements and whatever-you-call-it seems to be clear pretty much wherever both appear.
No, it's not clear to me.
Do you understand the difference between...
$qry = "SELECT * FROM customers WHERE name = '" + pg_escape_string($userInput) + "'"; $result = pg_query($dbconn, $qry);...and the following?
pg_prepare($dbconn, "myquery", 'SELECT * FROM customers WHERE name = $1'); $result = pg_execute($dbconn, "myquery", array($userInput));Yes, it's a query API (middle-ware) design choice. PS's and filters can each use the other "style" if API's are so adjusted. Other than perhaps naming "hints", it tells us nothing concrete about the "guts" of SQL processing or whether program-constructed SQL is ultimately used by PS's somewhere along the line.
No, that's incorrect. Look up "pg_query()" and "pg_execute()" in the on-line PHP manual.
You seem to be missing my point. But I'm trying to kick my addiction to PS-related replies and thus will not give further explanations.
Trying to make a point instead of answering my question will only result in confusion. Do you understand the difference between PreparedStatements and immediate SQL / DynamicSql / executing SQL statements directly?
Yes, but you are only showing an interface, not the technical processing steps that are key to the difference.
Do you mean you want to see the DBMS internals for PreparedStatements? Why would "the technical processing steps" be relevant here? And if you do understand the difference between PreparedStatements and immediate SQL / DynamicSql / executing SQL statements directly, why did you write above that the differences between PreparedStatements and DynamicSql are "not clear to me".
Your writing is not clear to me.
You're relying only on my writing about PreparedStatements and DynamicSql in order to understand the differences between them?
No, I'm trying to figure out what the fucking hell you are talking about.
If you can't understand the difference between PreparedStatements and DynamicSql, the problem isn't my writing.
I am not certain what YOU mean by both those terms. I thought I did early, but peculiar responses by you suggests I got it wrong.
What responses of mine do you think are "peculiar"?
I'd have to empty a new highlighter answering that.
That's evasive, and borders on being an AdhominemAttack. It suggests that you have no rational answer to my question.
Yes, I understand the difference perfectly well.
That's not the question here. What responses of mine do you think are "peculiar"?
I do not feel it would help anything to answer that. All instances I checked already indicate problems with the text in replies. It would only create redundancy to duplicate that.
I think the problem lies entirely with your understanding, not the replies themselves.
You are welcome to your own screwy opinion on that.
Again, this is bordering on being an AdhominemAttack without offering any new information, evidence, or rhetoric.
Accusing somebody of "not understanding" can also be an AdhominemAttack, AND too general to be useful. It looks like hypocrisy to me.
If the problem appears to lie entirely with your understanding, then I can only say that the problem lies entirely with your understanding. That's not an AdhominemAttack but an assessment of the situation. If I said I thought your lack of understanding is because you're an idiot (which I'm not saying, by the way), that would be an AdhominemAttack. You're right that identifying a lack of understanding is too general to be useful, but at this point I'm not sure what would be useful because you seem unwilling to tell me what responses of mine you think are "peculiar". I am left wondering if that was merely a spurious insult.
If it doesn't convey new and use-able information it probably should be skipped because it's usually considered un-friendly and is often frustrating because it cannot be processed further.