Skip site navigation (1) Skip section navigation (2)

Re: Poor plan choice in prepared statement

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Scott Carey <scott(at)richrelevance(dot)com>
Cc: bricklen <bricklen(at)gmail(dot)com>, Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com>, Merlin Moncure <mmoncure(at)gmail(dot)com>, "pgsql-performance(at)postgresql(dot)org" <pgsql-performance(at)postgresql(dot)org>
Subject: Re: Poor plan choice in prepared statement
Date: 2008-12-30 23:02:29
Message-ID: 2796.1230678149@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-performance
Scott Carey <scott(at)richrelevance(dot)com> writes:
> I have also had a case where one query would take a  couple hundred ms to parse, but was fairly fast to plan and execute (1/3 the parse cost) -- yet another case where a prepared statement that re-plans each execution would be helpful.  At least you can prevent SQL injection and cut the parse cost.  Its not all about the cost of planning the query.

The point of a prepared statement IMHO is to do the planning only once.
There's necessarily a tradeoff between that and having a plan that's
perfectly adapted to specific parameter values.

Reasonable client-side APIs should provide the option to use out-of-line
parameters, which is what you want to prevent SQL injection, without
hard-wiring that to the orthogonal concept of statements whose plan is
prepared in advance.  In libpq, for instance, PQexecParams() does that.

			regards, tom lane

In response to

Responses

pgsql-performance by date

Next:From: bricklenDate: 2008-12-30 23:11:47
Subject: Re: Poor plan choice in prepared statement
Previous:From: bricklenDate: 2008-12-30 21:40:26
Subject: Re: Poor plan choice in prepared statement

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group