Add @DisableQueriesWithoutBindParameters and @EnableQueriesWithoutBindParameters #3
Comments
Hello, I want to work on this! |
Great @archyoshi! |
@archyoshi You can find here the steps to follow to add a SQL annotation to QuickPerf. |
This kind of code may help in

```java
/**
 * Examples:
 * - "SET isbn = ?, title = ? " returns 2
 * - "SET isbn = '123', title = '1 + 1 = 0' " returns 2
 */
private long countUnquotedEquals(String setClause) {
    boolean inQuote = false;
    long equalCounter = 0;
    for (char c : setClause.toCharArray()) {
        // a single quote toggles whether we are inside a string literal
        if (c == '\'') {
            inQuote = !inQuote;
        }
        // only count '=' that sits outside a literal
        if (!inQuote && c == '=') {
            equalCounter++;
        }
    }
    return equalCounter;
}
``` |
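The snippet above counts `=` signs outside quotes. As an added example, not code from the thread or from QuickPerf, here is a Python version of the same idea generalised to the other clauses the thread later mentions (LIKE, IN, BETWEEN) plus VALUES lists: string literals are masked first, so the `=` inside `'1 + 1 = 0'` is ignored, numbers are masked next, and every literal that sits where a `?` placeholder belongs is reported. The marker strings `__STR__` / `__NUM__`, the function names and the sample statements are my own choices.

```python
import re
from typing import List

# Masks for literals once they have been removed from the statement text.
_LITERAL = r"(?:__STR__|__NUM__)"
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")
_LITERAL_TOKEN = re.compile(r"\b" + _LITERAL + r"\b")

# A literal right after a comparison operator: "isbn = '123'", "qty > 5".
_COMPARISON = re.compile(r"(?:<=|>=|<>|!=|=|<|>)\s*" + _LITERAL + r"\b")
# LIKE with a hard-coded pattern: "title LIKE 'Java%'".
_LIKE = re.compile(r"\b(?i:like)\s+" + _LITERAL + r"\b")
# IN (...) and VALUES (...) lists are flagged if any element is a literal.
_IN_LIST = re.compile(r"\b(?i:in)\s*\(([^()]*)\)")
_VALUES = re.compile(r"\b(?i:values)\s*\(([^()]*)\)")
# BETWEEN x AND y is flagged if either bound is a literal.
_BETWEEN = re.compile(r"\b(?i:between)\s+(\S+)\s+(?i:and)\s+(\S+)")


def _mask_string_literals(sql: str) -> str:
    """Replace each single-quoted literal with __STR__. A doubled quote ('')
    inside a literal is the SQL escape for a quote and does not end it."""
    out, i, n = [], 0, len(sql)
    while i < n:
        if sql[i] != "'":
            out.append(sql[i])
            i += 1
            continue
        j = i + 1                      # scan forward to the closing quote
        while j < n:
            if sql[j] == "'":
                if j + 1 < n and sql[j + 1] == "'":
                    j += 2             # escaped quote, still inside the literal
                    continue
                break
            j += 1
        out.append(" __STR__ ")
        i = j + 1
    return "".join(out)


def find_unbound_values(sql: str) -> List[str]:
    """Return one entry per place where a literal value sits where a '?'
    bind parameter is expected. An empty list means every value is bound
    (or the statement carries no values at all)."""
    s = _NUMBER.sub(" __NUM__ ", _mask_string_literals(sql))
    findings = []
    for m in _COMPARISON.finditer(s):
        findings.append("comparison " + " ".join(m.group(0).split()))
    for _ in _LIKE.finditer(s):
        findings.append("LIKE pattern")
    for m in _IN_LIST.finditer(s):
        inner = m.group(1)
        # A sub-select inside IN (...) is covered by the comparison rule.
        if not re.match(r"\s*(?i:select)\b", inner) and _LITERAL_TOKEN.search(inner):
            findings.append("IN list")
    for m in _BETWEEN.finditer(s):
        if _LITERAL_TOKEN.fullmatch(m.group(1)) or _LITERAL_TOKEN.fullmatch(m.group(2)):
            findings.append("BETWEEN bound")
    for m in _VALUES.finditer(s):
        if _LITERAL_TOKEN.search(m.group(1)):
            findings.append("VALUES list")
    return findings


def uses_bind_parameters(sql: str) -> bool:
    """True when no literal was found in a value position."""
    return not find_unbound_values(sql)


if __name__ == "__main__":
    # Constructed sample statements, the first two taken from the comment above.
    for stmt in [
        "UPDATE book SET isbn = ?, title = ? WHERE id = ?",
        "UPDATE book SET isbn = '123', title = '1 + 1 = 0' WHERE id = 7",
        "SELECT * FROM book WHERE title LIKE 'Java%'",
        "SELECT * FROM book WHERE id IN (1, 2, 3)",
        "SELECT * FROM book WHERE price BETWEEN 10 AND ?",
        "INSERT INTO book (isbn, title) VALUES ('123', 'it''s')",
    ]:
        print(uses_bind_parameters(stmt), find_unbound_values(stmt), "<-", stmt)
```

Values that are not user data stay deliberately out of scope: `LIMIT 10`, `SELECT 1`, or a fixed `'%'` appended to a bound pattern with `||` are not flagged, since binding them buys neither safety nor plan reuse.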
Thanks for these links. 👍 I like these tips from Use the index, Luke!:
If I understand well, bind parameters are more likely to be security issues than performance issues. |
@nicokosi Thanks for your feedback.
I don't think that it is the meaning of the Use the index, Luke! paper:
In some cases, the values can influence the execution plan (and so we may have a better execution plan without bind parameters); however, there are only a few such cases according to Markus Winand. So you
So, bind parameters are for both security and performance issues. |
@nicokosi |
Hello! The subject is advancing well; the next steps to cover are some code refactorings as well as many test cases to add. Refactoring
Remaining tests
|
Hello, so here's a little update on what has been done so far and what remains:
We are working on this case:
|
Remaining cases (LIKE, IN, BETWEEN, ...) fixed with 81f61b7 |
Why
Using bind parameters is recommended for performance. Moreover, bind parameters can prevent SQL injections.
References:
The role of @DisableQueriesWithoutBindParameters is to prevent the execution of requests without bind parameters. This annotation could be used with a global scope, that is to say applied on each QuickPerf test.
@EnableQueriesWithoutBindParameters will cancel the behavior of @DisableQueriesWithoutBindParameters. @EnableQueriesWithoutBindParameters may be applied on a specific test method where some values can influence the execution plan (https://use-the-index-luke.com/sql/where-clause/bind-parameters).
Use cases
Java code example generating this request:
Implementation
This documentation can help you to implement, in particular this part.
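As an added example (not from the issue or from QuickPerf) of the security half of the "Why" section above, the following Python script, using only the standard-library sqlite3 module and a constructed in-memory table, runs the same lookup once with the value spliced into the statement text and once with a `?` bind parameter. The spliced version is hijacked by a value that carries its own OR clause and returns every row; the bound version treats the same value as an ordinary string and returns nothing. The table, rows and payload are constructed for this illustration.

```python
import sqlite3
from typing import Dict, List


def _fresh_db() -> sqlite3.Connection:
    """Constructed in-memory table with three books (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE book (isbn TEXT, title TEXT)")
    conn.executemany(
        "INSERT INTO book (isbn, title) VALUES (?, ?)",
        [("111", "Effective Java"), ("222", "Java Concurrency"), ("333", "SQL Antipatterns")],
    )
    return conn


def find_by_title_concat(conn: sqlite3.Connection, title: str) -> List[str]:
    """Vulnerable form: the value is spliced into the statement text, so the
    database parses whatever the caller supplied as part of the query."""
    sql = "SELECT isbn FROM book WHERE title = '" + title + "'"
    return [row[0] for row in conn.execute(sql)]


def find_by_title_bound(conn: sqlite3.Connection, title: str) -> List[str]:
    """Parameterised form: the statement text is fixed, the value travels
    separately as a bind parameter and can never change the parse."""
    sql = "SELECT isbn FROM book WHERE title = ?"
    return [row[0] for row in conn.execute(sql, (title,))]


def demo() -> Dict[str, List[str]]:
    """Run both forms against an honest title and an injection payload."""
    conn = _fresh_db()
    payload = "x' OR '1'='1"      # turns the spliced WHERE clause into a tautology
    return {
        "concat_honest": find_by_title_concat(conn, "Effective Java"),
        "concat_payload": find_by_title_concat(conn, payload),
        "bound_honest": find_by_title_bound(conn, "Effective Java"),
        "bound_payload": find_by_title_bound(conn, payload),
    }


if __name__ == "__main__":
    for name, isbns in demo().items():
        print(f"{name:15} -> {isbns}")
```

The spliced statement the database actually sees is `SELECT isbn FROM book WHERE title = 'x' OR '1'='1'`, which is exactly the kind of literal-laden SQL a @DisableQueriesWithoutBindParameters check would refuse; the bound statement always reads `... WHERE title = ?`, whatever the value.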