Sudeep's Blog

Disorganized Thoughts in Organized Manner

AppEngine's Query Filter vs GqlQuery
For a longish time, I was struggling to find differences between Google AppEngine's Query class and GqlQuery (which is nothing but an SQL-type query language). Here is a compilation of all the differences.
  1. Perhaps the biggest disadvantage of GqlQuery is the risk of an SQL injection attack if you are not careful with its use. See this post for details. In short, use bound parameters (:variable) in a GQL query instead of placing plain variable values into the query string. AppEngine's Query class and filtering mechanism, however, can avoid the SQL injection problem completely.
  2. Another difference is unfamiliarity with the Query class vs. comfort with writing SQL-like queries. Some SQL programmers might find GQL fairly easy to use, while using the Query class might require some exploration of the API. My experience is that the Query class API is fairly straightforward, at least for easy tasks.
  3. Finally, there are some similarities, such as a limit of 1000 query results and no support for advanced database operations like joins.
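The difference described in item 1, as an added example that is not code from the original post or from App Engine: a simplified model of a GQL WHERE clause shows which filters each query style ends up expressing for the same input. The `Note` kind, its `owner`, `title` and `archived` properties, the tokenizer and the sample input are all assumptions made for the illustration.

```python
import re

# Simplified model of a GQL WHERE clause for this example (not App Engine's
# parser): quoted strings, :name placeholders, comparison operators, words.
TOKEN = re.compile(r"'(?:[^']|'')*'|:\w+|!=|<=|>=|[=<>]|\w+")

def filters_in(gql, **bound):
    """Return the (property, operator, value) filters a GQL string expresses."""
    tokens = TOKEN.findall(gql.split(" WHERE ", 1)[1])
    found = []
    for i in range(0, len(tokens), 4):            # property, operator, value, [AND]
        prop, op, raw = tokens[i:i + 3]
        if raw.startswith(":"):
            value = bound[raw[1:]]                # bound value: data, never parsed
        else:
            value = raw[1:-1].replace("''", "'")  # literal typed into the query text
        found.append((prop, op, value))
    return found

def concatenated(owner, title):
    # Risky style: the value becomes part of the query text.
    gql = "SELECT * FROM Note WHERE owner = '%s' AND title = '%s'" % (owner, title)
    return filters_in(gql)

def bound_parameters(owner, title):
    # Style from item 1, e.g. db.GqlQuery(gql, owner=owner, title=title).
    gql = "SELECT * FROM Note WHERE owner = :owner AND title = :title"
    return filters_in(gql, owner=owner, title=title)

def query_class(owner, title):
    # Query class style, e.g. Note.all().filter('owner =', owner).filter('title =', title):
    # no query text exists, so there is nothing for a value to break out of.
    return [("owner", "=", owner), ("title", "=", title)]

# Constructed input: a title containing a quote followed by GQL-looking text.
SAMPLE_TITLE = "draft' AND archived = 'no"

if __name__ == "__main__":
    for style in (concatenated, bound_parameters, query_class):
        print(style.__name__, style("alice", SAMPLE_TITLE))
```

With concatenation the input contributes a third filter the author never wrote; with bound parameters or the Query class the whole string stays a single `title` value.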
All in all, I am leaning more in favor of Query class. Am I missing anything here?