php.lv forumi

about sql injection


labaiss


Nonsense. A PS, if the query is executed only once, runs much slower, because:

1) First the PS is sent, and only on the second round the data, whereas with a normal statement everything is sent at once.

2) Likewise, handling a PS is more work for the RDBMS server than handling a plain statement.

And a prepared statement protects against SQL injection just as well as any normal DB wrapper.

P.S.

A PS usually makes sense when the DB client keeps its connection to the server open the whole time and, over its lifetime, executes many similar queries. But since the nature of the web is that all connections are closed after the request, a PS gives no performance benefit at all; it actually makes things worse.

Edited by codez

Fine, if you need a more authoritative reference, then:

http://oreilly.com/catalog/jorajdbc/chapter/ch19.html


There's a popular belief that using a PreparedStatement object is faster than using a Statement object. After all, a prepared statement has to verify its metadata against the database only once, while a statement has to do it every time. So how could it be any other way? Well, the truth of the matter is that it takes about 65 iterations of a prepared statement before its total time for execution catches up with a statement. This has performance implications for your application, and exploring these issues is what this section is all about.

 

When it comes to which SQL statement object performs better under typical use, a Statement or a PreparedStatement, the truth is that the Statement object yields the best performance. When you consider how SQL statements are typically used in an application--1 or 2 here, maybe 10-20 (rarely more) per transaction--you realize that a Statement object will perform them in less time than a PreparedStatement object. In the next two sections, we'll look at this performance issue with respect to both the OCI driver and the Thin driver.

In the table there you can see that, when a given query is executed once, the prepared query is 10x slower.

Execution speed is equal only when one query is executed a little more than 100 times.

So you can keep those pearls of wisdom to yourself.

P.S. I could not quickly find a ready-made PHP and MySQL benchmark, but I am convinced the trend is the same as in the Java and Oracle example. If you still claim it is not, we can build a benchmark out of interest.

Edited by codez
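Added example, not code from this thread: it shows the two points argued above, that a prepared statement blocks injection the way a proper wrapper does, and how a single prepare()+execute() compares with a single plain statement, using PHP PDO. It runs against an in-memory SQLite table with constructed rows so it works offline; the MySQL DSN and the PDO::ATTR_EMULATE_PREPARES note are assumptions about the reader's setup.

```php
<?php
// Added example, not from the thread. Runs against an in-memory SQLite table so it
// works offline; for MySQL change the DSN (e.g. 'mysql:host=...;dbname=...'), an assumption
// about the reader's setup. Note that the MySQL PDO driver emulates prepares on the client
// unless PDO::ATTR_EMULATE_PREPARES is set to false, so the two-round-trip cost the
// thread describes only appears with emulation turned off.
declare(strict_types=1);
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
// Constructed sample rows.
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Vulnerable form: the user-supplied value is spliced into the SQL text.
function findByNameConcat(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is fixed; the value travels as a bound parameter.
function findByNamePrepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input that closes the quoted literal and appends a tautology.
$hostile = "' OR '1'='1";
// With concatenation the tautology rewrites the WHERE clause, so every row matches;
// the prepared statement compares the whole string as a name and matches nothing.
printf("concatenated: %d rows\n", count(findByNameConcat($pdo, $hostile)));
printf("prepared:     %d rows\n", count(findByNamePrepared($pdo, $hostile)));

// The thread's performance question: time ONE execution of a plain statement
// against ONE prepare()+execute() of the same query.
function timeOnce(callable $fn): float
{
    $start = hrtime(true);
    $fn();
    return (hrtime(true) - $start) / 1e3; // microseconds
}

$plain = timeOnce(fn () => $pdo->query("SELECT id, name FROM users WHERE name = 'bob'")->fetchAll());
$prepared = timeOnce(function () use ($pdo): void {
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->execute(['bob']);
    $stmt->fetchAll();
});
printf("single run: plain %.1f us, prepared %.1f us\n", $plain, $prepared);
```

The timings vary by machine and driver; wrap the two calls in a loop of a few hundred iterations to see where the curves cross, as the quoted chapter does.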
