当前位置: 文江博客话题详情

为了提高性能,我是否应该总是更喜欢使用准备好的 SQL 语句?

发布于 2024-10-10 07:33:36 字数 235 浏览 0 评论 0原文

我的理解是,准备好的语句在服务器上编译一次,从而节省了重复解析、优化等的开销。显然,我应该总是更喜欢对运行多次的查询使用准备好的语句。

这种方法有什么缺点吗?

我正在使用 ODBC (libodbc++) 从 C++ 到 MySQL。

原文

My understanding is that a prepared statement is compiled on the server once, thus saving the overhead of repeating parsing, optimization etc. Apparently, I should always prefer using prepared statements for queries that run more than once.

Are there any cons to this approach?

I am using ODBC (libodbc++) from C++ to MySQL.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

烂柯人 2024-10-17 07:33:36

准备好的语句

为什么使用准备好的语句?

使用有很多优点
准备好的陈述
应用程序,无论是为了安全还是
性能原因。

准备好的陈述可以帮助提高
通过将 SQL 逻辑与
所提供的数据。这
逻辑和数据的分离可以帮助
防止一种非常常见的类型
称为 SQL 注入的漏洞
攻击。一般情况下你在交易的时候
对于临时查询,您需要
处理数据时非常小心
您从用户那里收到的。这
需要使用转义函数
所有必要的麻烦
字符,例如单引号,
双引号和反斜杠
人物。当
处理准备好的陈述。这
数据分离允许 MySQL
自动考虑这些
字符,并且它们不需要是
使用任何特殊函数进行转义。

性能提升
准备好的语句可以来自
几个不同的功能。首先是
只需要解析单个查询
时间。当您最初准备
语句,MySQL将解析
语句检查语法并设置
启动要运行的查询。那么如果你
多次执行查询,就会
不再有那个开销。这
预解析可以提高速度
如果需要运行相同的则增加
多次查询,例如在做时
许多 INSERT 语句。

(注意:虽然不会发生这种情况
MySQL 4.1,未来版本还将
缓存准备好的执行计划
声明,消除了另一位
您目前为每个项目支付的间接费用
查询执行。)

性能可能排名第二的地方
增加是通过使用新的
准备的二进制协议
语句可以使用。传统的
MySQL 中的协议总是转换
发送前将所有内容转换为字符串
他们通过网络。这意味着
客户端将数据转换成
字符串,通常大于
原始数据,通过
网络(或其他传输)到
服务器,最终解码
字符串转换为正确的数据类型。这
二进制协议删除了这个
转换开销。所有类型都是
以本机二进制形式发送,其中
节省转换CPU使用率,并且
还可以减少网络使用。

什么时候应该使用准备好的语句?准备好的语句可以
对以上所有内容都有用
原因,但它们不应该(并且
不能)用于一切
您的申请。首先,类型
他们处理的查询是
仅限于 DML(插入、替换、
更新和删除)、创建表和
选择查询。支持额外的
查询类型将进一步添加
版本,使准备好的
报表API更通用。

->有时准备好的语句实际上可能比常规语句慢
查询。这样做的原因是
有两次往返
服务器,这可能会减慢简单的速度
仅执行的查询
单次。在这样的情况下,一
必须决定是否值得交易
关闭此性能影响
额外的往返行程以获得
使用准备好的安全好处
声明。


Prepared Statements:

Why use prepared statements?

There are numerous advantages to using
prepared statements in your
applications, both for security and
performance reasons.

Prepared statements can help increase
security by separating SQL logic from
the data being supplied. This
separation of logic and data can help
prevent a very common type of
vulnerability called an SQL injection
attack. Normally when you are dealing
with an ad hoc query, you need to be
very careful when handling the data
that you received from the user. This
entails using functions that escape
all of the necessary trouble
characters, such as the single quote,
double quote, and backslash
characters. This is unnecessary when
dealing with prepared statements. The
separation of the data allows MySQL to
automatically take into account these
characters and they do not need to be
escaped using any special function.

The increase in performance in
prepared statements can come from a
few different features. First is the
need to only parse the query a single
time. When you initially prepare the
statement, MySQL will parse the
statement to check the syntax and set
up the query to be run. Then if you
execute the query many times, it will
no longer have that overhead. This
pre-parsing can lead to a speed
increase if you need to run the same
query many times, such as when doing
many INSERT statements.

(Note: While it will not happen with
MySQL 4.1, future versions will also
cache the execution plan for prepared
statements, eliminating another bit of
overhead you currently pay for each
query execution.)

The second place where performance may
increase is through the use of the new
binary protocol that prepared
statements can use. The traditional
protocol in MySQL always converts
everything into strings before sending
them across the network. This means
that the client converts the data into
strings, which are often larger than
the original data, sends it over the
network (or other transport) to the
server, which finally decodes the
string into the correct datatype. The
binary protocol removes this
conversion overhead. All types are
sent in a native binary form, which
saves the conversion CPU usage, and
can also cut down on network usage.

When should you use prepared statements? Prepared statements can
be useful for all of the above
reasons, however they should not (and
can not) be used for everything in
your application. First off, the type
of queries that they work on is
limited to DML (INSERT, REPLACE,
UPDATE, and DELETE), CREATE TABLE, and
SELECT queries. Support for additional
query types will be added in further
versions, to make the prepared
statements API more general.

-> Sometimes prepared statements can actually be slower than regular
queries. The reason for this is that
there are two round-trips to the
server, which can slow down simple
queries that are only executed a
single time. In cases like that, one
has to decide if it is worth trading
off the performance impact of this
extra round-trip in order to gain the
security benefits of using prepared
statements.

回复 原文
内心旳酸楚 2024-10-17 07:33:36

大量活动准备好的语句会消耗额外的服务器内存。例如,对于嵌入式平台(例如 iPhone 上的 sqlite 数据库)来说,这可能是一个问题。

Larger numbers of active prepared statements consume additional server memory. For example, it can be an issue for embedded platforms (e.g. sqlite database on IPhone).

回复 原文
过去的过去 2024-10-17 07:33:36

为了安全的好处,您应该总是更喜欢使用准备好的语句。它们几乎消除了 SQL 注入的漏洞,而您不必担心 SQL 转义值。

但是,如果您的查询不经常运行(每个请求少于一次),则准备好的语句可能需要更长的时间才能运行。使用准备好的语句需要两次调用:一次准备它,一次执行它。通过一条临时语句,这两个步骤一举完成,无需等待服务器说“好的,编译完成”。

所有这一切的结果是,如果您担心性能,并且您的查询只运行一次,则临时查询可能会更快一些。但安全方面的好处几乎总是超过准备声明所需的额外时间。

You should always prefer working with prepared statements for the security benefits. They all but eliminate vulnerability to SQL injection, without you having to worry about SQL-escaping values.

If you have a query that doesn't run often, though (less than once per request), a prepared statement can take longer to run. It takes two calls to use a prepared statement: once to prepare it, and once to execute it. With an ad-hoc statement, those two steps are done in one fell swoop, and there's no waiting for the server to say "ok, done compiling".

The upshot of all that being, if you're worried about performance, and your query only runs once, an ad-hoc query might be a little faster. But the security benefits almost always outweigh the extra little bit of time it takes to prepare a statement.

回复 原文
~没有更多了~

关于作者

双手揣兜

暂无简介

0 文章
0 评论
20 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

花开柳相依

文章 0 评论 0

zyhello

文章 0 评论 0

故友

文章 0 评论 0

对风讲故事

文章 0 评论 0

Oo萌小芽oO

文章 0 评论 0

梦明

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文