oracle - Oracle 绑定变量未正确使用索引的问题

Question

在我的场景中，以下查询运行速度很快（在有 7000 万行的表上运行 0.5 秒）：

select * from Purchases
where (purchase_id = 1700656396)

而且，它甚至可以使用绑定变量快速运行：

var purchase_id number := 1700656396
select * from Purchases
where (purchase_id = :purchase_id)

这些运行得很快，因为我在purchase_id列上有一个索引。（继续阅读...）

我需要创建一个允许对任意列进行“过滤”的查询。这意味着提供几个输入变量，并对每个变量进行过滤，除非它是null. 起初这很好用。

例如，以下查询运行速度也很快（0.5 秒）：

select * from Purchases
where (1700656396 IS NULL OR purchase_id    = 1700656396)
and   (NULL       IS NULL OR purchase_name  = NULL)
and   (NULL       IS NULL OR purchase_price = NULL)

但是，当我尝试通过绑定变量或存储过程对查询进行参数化时，查询会显着减慢（1.5 分钟），就好像它忽略了任何索引一样：

var purchase_id    number   := 1700656396
var purchase_name  varchar2 := NULL
var purchase_price number   := NULL
select * from Purchases
where (:purchase_id    IS NULL OR purchase_id    = :purchase_id)
and   (:purchase_name  IS NULL OR purchase_name  = :purchase_name)
and   (:purchase_price IS NULL OR purchase_price = :purchase_price)

现在，在我的应用程序中，我被迫在运行时动态构建查询以获得良好的性能。这意味着我失去了参数化查询的所有优势，并迫使我担心 SQL 注入。

是否可以在保持相同逻辑的同时避免动态构造的查询？

score 3 · Accepted Answer

这确实是一个更大的话题，但这是我认为最容易实现并且效果很好的方法。诀窍是使用动态 SQL，但实现它以便始终传递相同数量的参数（需要），并且当您没有参数值时允许 Oracle 短路（您缺少的您当前的方法）。例如：

set serveroutput on
create or replace procedure test_param(p1 in number default null, p2 in varchar2 default null) as
  l_sql varchar2(4000);
  l_cur sys_refcursor;
  l_rec my_table%rowtype;
  l_ctr number := 0;
begin

  l_sql := 'select * from my_table where 1=1';
  if (p1 is not null) then
    l_sql := l_sql || ' and my_num_col = :p1';
  else
    -- short circuit for optimizer (1=1)
    l_sql := l_sql || ' and (1=1 or :p1 is null)';
  end if;

  if (p2 is not null) then
    l_sql := l_sql || ' and name like :p2';
  else
    -- short circuit for optimizer (1=1)
    l_sql := l_sql || ' and (1=1 or :p2 is null)';
  end if;

  -- show what the SQL query will be
  dbms_output.put_line(l_sql);

  -- note always have same param list (using)
  open l_cur for l_sql using p1,p2;

  -- could return this cursor (function), or simply print out first 10 rows here for testing
  loop
    l_ctr := l_ctr + 1;
    fetch l_cur
    into l_rec;
    exit when l_cur%notfound OR l_ctr > 10;

    dbms_output.put_line('Name is: ' || l_rec.name || ', Address is: ' || l_rec.address1);
  end loop;
  close l_cur;
end;

要测试，只需运行它。例如：

set serveroutput on
-- using 0 param
exec test_param();
-- using 1 param
exec test_param(123456789);
-- using 2 params
exec test_param(123456789, 'ABC%');

在我的系统上，使用的表超过 100 毫米行，在数字字段和名称字段上有索引。几乎立即返回。另请注意，如果您不需要所有列，您可能不想执行 select *，但我有点懒惰并在此示例中使用 %rowtype。

希望有帮助

score 1 · Accepted Answer

只是一个简单的问题：我猜下面的非参数化查询也会运行 1.5 分钟？

select * from Purchases
where (1700656396 IS NULL OR purchase_id    = 1700656396)
and   ('some-name' IS NULL OR purchase_name  = 'some-name')
and   (12       IS NULL OR purchase_price = 12)

如果是，则问题不在于绑定变量，而在于缺少索引。

编辑问题是，Oracle 在为参数化查询生成计划时无法决定使用索引

score 1 · Accepted Answer

采用不同的方法来tbone回答 's answer，我意识到我可以在代码中动态构造查询，并且仍然使用绑定变量（从而获得索引的灵活性，并且仍然 100% 防止 SQL 注入）。

在我的代码中，我可以这样做：

string sql = "select * from Purchases where 1 = 1";
if(purchase_id != null)    sql += " and (purchase_id = :purchase_id)";
if(purchase_name != null)  sql += " and (purchase_name = :purchase_name)";
if(purchase_price != null) sql += " and (purchase_price = :purchase_price)";

我对此进行了测试，它解决了我的问题。

score 1 · Accepted Answer

听起来很奇怪，在这种特定情况下，两个组合的交叉连接可以提供帮助。
看下面的例子。

样本数据表：

select * from all_tables;
drop table Purchases;
create table Purchases as
select zx.object_id + (lev-1) * 100000 purchase_id, 
          object_name purchase_name,
          round( dbms_random.value( 1, 200 )) purchase_price,
          zx.* 
from all_objects zx
cross join (select level lev from dual connect by level <= 170);

create unique index purchases_id_ix on Purchases( Purchase_id );

exec dbms_stats.gather_table_stats( user, 'Purchases' );

select count(*) from Purchases;

  COUNT(*)
----------
  10316620

查询：

var Purchase_id varchar2( 4000 )
var Purchase_name varchar2( 4000 )
var Purchase_price varchar2( 4000 )

begin
  :Purchase_id := '1139';
  :Purchase_name := NULL;
  :Purchase_price := NULL;
end;
    /

explain plan for
select p.* 
from Purchases p
cross join (
  select 1 from dual d
  where :Purchase_id is not null
) part_1
where Purchase_id = to_number( :Purchase_id )
  and ( :Purchase_name is null or Purchase_name = :Purchase_name )
  and ( :Purchase_price is null or purchase_price = to_number( :Purchase_price ) )
union all
select p.* 
from Purchases p
cross join (
  select 1 from dual d
  where :Purchase_id is null
) part_2
where 
  ( :Purchase_name is null or Purchase_name = :Purchase_name )
  and ( :Purchase_price is null or purchase_price = to_number( :Purchase_price ) )
;

解释计划：

Plan hash value: 460094106

------------------------------------------------------------------------------------------------------
| Id  | Operation                       | Name               | Rows  | Bytes | Cost (%CPU)| Time     |
------------------------------------------------------------------------------------------------------
|   0 | SELECT STATEMENT                |                    | 28259 |  5546K| 54093   (1)| 00:10:50 |
|   1 |  NESTED LOOPS                   |                    | 28259 |  5546K| 54093   (1)| 00:10:50 |
|   2 |   FAST DUAL                     |                    |     1 |       |     2   (0)| 00:00:01 |
|   3 |   VIEW                          | VW_JF_SET$96C1679A | 28259 |  5546K| 54091   (1)| 00:10:50 |
|   4 |    UNION-ALL                    |                    |       |       |            |          |
|*  5 |     FILTER                      |                    |       |       |            |          |
|*  6 |      TABLE ACCESS BY INDEX ROWID| PURCHASES          |     1 |   132 |     3   (0)| 00:00:01 |
|*  7 |       INDEX UNIQUE SCAN         | PURCHASES_ID_IX    |     1 |       |     2   (0)| 00:00:01 |
|*  8 |     FILTER                      |                    |       |       |            |          |
|*  9 |      TABLE ACCESS FULL          | PURCHASES          | 28258 |  3642K| 54088   (1)| 00:10:50 |
------------------------------------------------------------------------------------------------------

Predicate Information (identified by operation id):
---------------------------------------------------

   5 - filter(:PURCHASE_ID IS NOT NULL)
   6 - filter((:PURCHASE_NAME IS NULL OR "P"."PURCHASE_NAME"=:PURCHASE_NAME) AND
              (:PURCHASE_PRICE IS NULL OR "P"."PURCHASE_PRICE"=TO_NUMBER(:PURCHASE_PRICE)))
   7 - access("P"."PURCHASE_ID"=TO_NUMBER(:PURCHASE_ID))
   8 - filter(:PURCHASE_ID IS NULL)
   9 - filter((:PURCHASE_NAME IS NULL OR "P"."PURCHASE_NAME"=:PURCHASE_NAME) AND
              (:PURCHASE_PRICE IS NULL OR "P"."PURCHASE_PRICE"=TO_NUMBER(:PURCHASE_PRICE)))

27 wierszy zosta│o wybranych.

测试：Purchase_id <> NULL

SQL> set pagesize 0
SQL> set linesize 200
SQL> set timing on
SQL> set autotrace traceonly
SQL>
SQL> begin
  2    :Purchase_id := '163027';
  3    :Purchase_name := NULL;
  4    :Purchase_price := NULL;
  5  end;
  6  /

Procedura PL/SQL zosta│a zako˝czona pomyťlnie.

Ca│kowity: 00:00:00.00
SQL> select p.*
  2  from Purchases p
  3  cross join (
  4    select 1 from dual d
  5    where :Purchase_id is not null
  6  ) part_1
  7  where Purchase_id = to_number( :Purchase_id )
  8    and ( :Purchase_name is null or Purchase_name = :Purchase_name )
  9    and ( :Purchase_price is null or purchase_price = to_number( :Purchase_price ) )
 10  union all
 11  select p.*
 12  from Purchases p
 13  cross join (
 14    select 1 from dual d
 15    where :Purchase_id is null
 16  ) part_2
 17  where
 18    ( :Purchase_name is null or Purchase_name = :Purchase_name )
 19    and ( :Purchase_price is null or purchase_price = to_number( :Purchase_price ) )
 20  ;

Ca│kowity: 00:00:00.09

Plan wykonywania
----------------------------------------------------------
Plan hash value: 460094106

------------------------------------------------------------------------------------------------------
| Id  | Operation                       | Name               | Rows  | Bytes | Cost (%CPU)| Time     |
------------------------------------------------------------------------------------------------------
|   0 | SELECT STATEMENT                |                    | 28259 |  5546K| 54093   (1)| 00:10:50 |
|   1 |  NESTED LOOPS                   |                    | 28259 |  5546K| 54093   (1)| 00:10:50 |
|   2 |   FAST DUAL                     |                    |     1 |       |     2   (0)| 00:00:01 |
|   3 |   VIEW                          | VW_JF_SET$96C1679A | 28259 |  5546K| 54091   (1)| 00:10:50 |
|   4 |    UNION-ALL                    |                    |       |       |            |          |
|*  5 |     FILTER                      |                    |       |       |            |          |
|*  6 |      TABLE ACCESS BY INDEX ROWID| PURCHASES          |     1 |   132 |     3   (0)| 00:00:01 |
|*  7 |       INDEX UNIQUE SCAN         | PURCHASES_ID_IX    |     1 |       |     2   (0)| 00:00:01 |
|*  8 |     FILTER                      |                    |       |       |            |          |
|*  9 |      TABLE ACCESS FULL          | PURCHASES          | 28258 |  3642K| 54088   (1)| 00:10:50 |
------------------------------------------------------------------------------------------------------

Predicate Information (identified by operation id):
---------------------------------------------------

   5 - filter(:PURCHASE_ID IS NOT NULL)
   6 - filter((:PURCHASE_NAME IS NULL OR "P"."PURCHASE_NAME"=:PURCHASE_NAME) AND
              (:PURCHASE_PRICE IS NULL OR "P"."PURCHASE_PRICE"=TO_NUMBER(:PURCHASE_PRICE)))
   7 - access("P"."PURCHASE_ID"=TO_NUMBER(:PURCHASE_ID))
   8 - filter(:PURCHASE_ID IS NULL)
   9 - filter((:PURCHASE_NAME IS NULL OR "P"."PURCHASE_NAME"=:PURCHASE_NAME) AND
              (:PURCHASE_PRICE IS NULL OR "P"."PURCHASE_PRICE"=TO_NUMBER(:PURCHASE_PRICE)))


Statystyki
----------------------------------------------------------
          1  recursive calls
          0  db block gets
          4  consistent gets
          2  physical reads
          0  redo size
       1865  bytes sent via SQL*Net to client
        519  bytes received via SQL*Net from client
          2  SQL*Net roundtrips to/from client
          0  sorts (memory)
          0  sorts (disk)
          1  rows processed

测试：Purchase_id = NULL

SQL> begin
  2    :Purchase_id := NULL;
  3    :Purchase_name := 'DBMS_CUBE_UTIL';
  4    :Purchase_price := NULL;
  5  end;
  6  /

Procedura PL/SQL zosta│a zako˝czona pomyťlnie.

Ca│kowity: 00:00:00.00
SQL> select p.*
  2  from Purchases p
  3  cross join (
  4    select 1 from dual d
  5    where :Purchase_id is not null
  6  ) part_1
  7  where Purchase_id = to_number( :Purchase_id )
  8    and ( :Purchase_name is null or Purchase_name = :Purchase_name )
  9    and ( :Purchase_price is null or purchase_price = to_number( :Purchase_price ) )
 10  union all
 11  select p.*
 12  from Purchases p
 13  cross join (
 14    select 1 from dual d
 15    where :Purchase_id is null
 16  ) part_2
 17  where
 18    ( :Purchase_name is null or Purchase_name = :Purchase_name )
 19    and ( :Purchase_price is null or purchase_price = to_number( :Purchase_price ) )
 20  ;

510 wierszy zosta│o wybranych.

Ca│kowity: 00:00:11.90

Plan wykonywania
----------------------------------------------------------
Plan hash value: 460094106

------------------------------------------------------------------------------------------------------
| Id  | Operation                       | Name               | Rows  | Bytes | Cost (%CPU)| Time     |
------------------------------------------------------------------------------------------------------
|   0 | SELECT STATEMENT                |                    | 28259 |  5546K| 54093   (1)| 00:10:50 |
|   1 |  NESTED LOOPS                   |                    | 28259 |  5546K| 54093   (1)| 00:10:50 |
|   2 |   FAST DUAL                     |                    |     1 |       |     2   (0)| 00:00:01 |
|   3 |   VIEW                          | VW_JF_SET$96C1679A | 28259 |  5546K| 54091   (1)| 00:10:50 |
|   4 |    UNION-ALL                    |                    |       |       |            |          |
|*  5 |     FILTER                      |                    |       |       |            |          |
|*  6 |      TABLE ACCESS BY INDEX ROWID| PURCHASES          |     1 |   132 |     3   (0)| 00:00:01 |
|*  7 |       INDEX UNIQUE SCAN         | PURCHASES_ID_IX    |     1 |       |     2   (0)| 00:00:01 |
|*  8 |     FILTER                      |                    |       |       |            |          |
|*  9 |      TABLE ACCESS FULL          | PURCHASES          | 28258 |  3642K| 54088   (1)| 00:10:50 |
------------------------------------------------------------------------------------------------------

Predicate Information (identified by operation id):
---------------------------------------------------

   5 - filter(:PURCHASE_ID IS NOT NULL)
   6 - filter((:PURCHASE_NAME IS NULL OR "P"."PURCHASE_NAME"=:PURCHASE_NAME) AND
              (:PURCHASE_PRICE IS NULL OR "P"."PURCHASE_PRICE"=TO_NUMBER(:PURCHASE_PRICE)))
   7 - access("P"."PURCHASE_ID"=TO_NUMBER(:PURCHASE_ID))
   8 - filter(:PURCHASE_ID IS NULL)
   9 - filter((:PURCHASE_NAME IS NULL OR "P"."PURCHASE_NAME"=:PURCHASE_NAME) AND
              (:PURCHASE_PRICE IS NULL OR "P"."PURCHASE_PRICE"=TO_NUMBER(:PURCHASE_PRICE)))


Statystyki
----------------------------------------------------------
          0  recursive calls
          0  db block gets
     197993  consistent gets
      82655  physical reads
          0  redo size
      16506  bytes sent via SQL*Net to client
        882  bytes received via SQL*Net from client
         35  SQL*Net roundtrips to/from client
          0  sorts (memory)
          0  sorts (disk)
        510  rows processed

要知道真正的执行时间，不要看计划，他们会撒谎，只包含估计（oracle 认为它会是怎样的）。查看带有“Ca│kowity”的行，它的意思是“总执行时间”（我不知道如何在 sqlplus 中将代码页更改为英文）。另请查看“一致获取”，这是查询读取的许多逻辑一致块。

第一个查询（purchase_id <> null ）

Ca│kowity: 00:00:00.09
          4  consistent gets
          2  physical reads

显然它使用了索引，时间是 90 ms

第二次查询（purchase_id = null ）

Ca│kowity: 00:00:11.90
     197993  consistent gets
      82655  physical reads

此查询执行全表扫描。

oracle - Oracle 绑定变量未正确使用索引的问题

4 回答 4

Related

Reference