For a longish time, I was struggling to find the differences between Google AppEngine's Query class and GqlQuery (which is nothing but an SQL-type query language). Here is a compilation of all the differences.
- Perhaps the biggest disadvantage of GqlQuery is the risk of an SQL injection attack if you are not careful with its use. See this post for details. In short, use :variable placeholders instead of plain variable names in the GqlQuery string. AppEngine's Query class and filtering mechanism, however, can avoid the SQL injection problem completely.
- Another difference is unfamiliarity with the Query class vs. comfort with writing SQL-like queries. Some SQL programmers might find Gql fairly easy to use. Using the Query class might require some exploration of the API. My experience is that the Query class API is fairly straightforward, at least for easy tasks.
- Finally, there are some similarities, such as a limit of 1000 query results and no support for advanced database operations like joins, etc.
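To make the first point checkable in a code base, here is an added example (not code from the original post or from App Engine) that uses Python's `ast` module to flag `GqlQuery()` / `.gql()` calls whose query text is assembled at runtime instead of being a literal with `:variable` bindings. The `Greeting` model, the handler functions and the helper name `find_dynamic_gql` are assumptions made for illustration; the rule is deliberately conservative and also flags a query passed in through a variable.

```python
import ast

# Constructed sample of handler code using the App Engine Python db API.
# It is only parsed, never imported or executed.
SAMPLE = '''
from google.appengine.ext import db

def unsafe(name):
    return db.GqlQuery("SELECT * FROM Greeting WHERE author = '%s'" % name)

def unsafe_concat(name):
    q = "SELECT * FROM Greeting WHERE author = '" + name + "'"
    return db.GqlQuery(q)

def bound(name):
    return db.GqlQuery("SELECT * FROM Greeting WHERE author = :author", author=name)

def query_class(name):
    return Greeting.all().filter("author =", name)
'''

REASONS = {
    ast.BinOp: "query text built with % or +",
    ast.JoinedStr: "query text is an f-string",
    ast.Call: "query text built by a call such as str.format()",
    ast.Name: "query text comes from a variable; check how it was built",
}

def find_dynamic_gql(source):
    """Return sorted (line, reason) pairs for GqlQuery()/.gql() calls
    whose first argument is not a plain string literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name not in ("GqlQuery", "gql"):
            continue
        query = node.args[0]
        if isinstance(query, ast.Constant) and isinstance(query.value, str):
            continue  # literal text: values can only arrive via :name / :1 bindings
        findings.append((node.lineno, REASONS.get(type(query), "query text is not a literal")))
    return sorted(findings)

if __name__ == "__main__":
    for line, reason in find_dynamic_gql(SAMPLE):
        print("line %d: %s" % (line, reason))
```

The `bound()` and `query_class()` functions pass the check because user input reaches the datastore only as a bound value or a filter argument, never as query text.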
All in all, I am leaning more in favor of Query class. Am I missing anything here?