Oracle alter session查询的Java准备语句参数
我尝试执行 oracle alter session 查询来更改语言设置,但失败并出现错误“ORA-01036:非法变量名称/编号”。
preparedStatement = connection.prepareStatement("ALTER SESSION SET NLS_SORT = ?");
preparedStatement.setString(1, "BINARY_CI");
preparedStatement.execute();
Oracle 不允许在 ddl 语句中绑定变量。由于绑定变量具有性能增益(在我的用例中,此更改会话查询将在 Web 应用程序中使用的每个连接上执行),并且它还可以防止应用程序遭受 SQL 注入,因此我想使用它们。如果没有绑定变量,是否还有其他优化方法来执行上述更改会话查询?
I tried executing the oracle alter session query for changing the language settings but it fails with an error "ORA-01036: illegal variable name/number".
preparedStatement = connection.prepareStatement("ALTER SESSION SET NLS_SORT = ?");
preparedStatement.setString(1, "BINARY_CI");
preparedStatement.execute();
Oracle does not allow to bind variables in ddl statements. Since bind variables have a performance gain (in my use case this alter session query would be executed on every connection used in the web application) and it also prevents the application from SQL injection I wanted to use them. If not bind variables is there any other optimized way of executing the above alter session query?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
绑定变量可以提高性能,因为查询解析/优化仅执行一次,而不是每次执行时执行。
alter session调用没有进行解析,这里使用绑定变量不会在性能方面获得任何好处。对于 SQL 注入,只需根据您支持的排序规则列表验证排序规则的名称即可。
Bind variables have a performance gain because query parse/optimizing is done only once, and not at each execution.
There is no parsing done on that
alter sessioncall, using a bind variable here will not gain you anything in terms of performance.As for SQL injection, just validate the name of the collation against a list of collations you support.
ALTER SESSION 不需要查询计划(构建速度很慢),因此即使没有准备也必须快速执行。
如果您使用任何形式的连接池(您可能会这样做),则该语句的执行频率甚至更低。
使用硬编码的文字形式或根据已知排序规则列表检查排序规则名称。
ALTER SESSIONdoes not require a query plan (which is slow to build), so it must be excuted fast even unprepared.If you use any form of connection pooling (and you probably do) this statement needs to execute even less frequently.
Use the hardcoded literal form or check the collation name against a list of known collations.