Somewhere in the forums I remember reading that it was a better practice to write queries in a script library instead of using named queries. I can't find the topic that it was mentioned on. So, what are everyone's thoughts on this? Arguments for and against using named queries?
I use named queries all the time in place of scripted queries. It basically allows for resistance against SQL injection when using them properly. You can do prepared statements/queries in scripting also, but I like having a nice interface to test queries out and just call them from the script with whatever parameters I need.
1 Like
So do the 'prep' scripting functions.
You can't create dynamic queries, perhaps obviously, using named queries. Named queries should be used for all static queries, and dynamic ones must use scripted ones, making sure to validate dynamic parts against an allow list.
Generally, named queries are considered to be the better practice; however, it is situational.
1 Like
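An added example, not code from any poster in this thread, showing the pattern discussed above for a scripted dynamic query: identifiers that cannot be bound as parameters are picked from an allow list, and every value is passed as a prepared-statement parameter. It assumes `sqlite3` as a stand-in for the database connection behind the 'prep' scripting functions; the `alarms` table, its rows, and all function names are hypothetical.

```python
import sqlite3

# Allow lists for the parts of the statement that cannot be bound as parameters.
# Keys are what the caller may send; values are the literals placed in the SQL.
SORT_COLUMNS = {"name": "name", "area": "area", "priority": "priority"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_alarm_query(sort_by, direction):
    """Return SQL text whose dynamic identifiers come only from the allow lists."""
    try:
        column = SORT_COLUMNS[sort_by]
        order = SORT_DIRECTIONS[direction.lower()]
    except (KeyError, AttributeError):
        raise ValueError("sort column or direction not in allow list")
    # Only allow-listed literals are concatenated; the value stays a placeholder.
    return ("SELECT name, area, priority FROM alarms "
            "WHERE area = ? ORDER BY %s %s" % (column, order))


def run_alarm_query(conn, area, sort_by="name", direction="asc"):
    """Run the dynamic query with the user-supplied value bound as a parameter."""
    sql = build_alarm_query(sort_by, direction)
    return conn.execute(sql, (area,)).fetchall()


def demo_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE alarms (name TEXT, area TEXT, priority INTEGER)")
    conn.executemany("INSERT INTO alarms VALUES (?, ?, ?)", [
        ("Pump1 High Temp", "north", 3),
        ("Valve7 Stuck", "north", 1),
        ("Tank2 Low Level", "south", 2),
    ])
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(run_alarm_query(db, "north", "priority", "desc"))
    # A quote-laden value is bound as data, so it matches no rows.
    print(run_alarm_query(db, "north' OR '1'='1"))
    try:
        build_alarm_query("name; DROP TABLE alarms", "asc")
    except ValueError as exc:
        print("rejected:", exc)
```

A static query with only bound values needs none of this and fits a named query; the allow list is only needed for the identifier and keyword positions that placeholders cannot fill.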