I. Introduction/Overview

This week my colleague asked me a question, how to use placeholders for preprocessing in SQL, and why he used prepare but did not take effect;

1. Introduction to prepare

When executing an SQL statement multiple times, if the SQL statement is processed each time to generate an execution plan, it will inevitably waste a certain amount of time.

SQL preprocessing (Prepare) is a special SQL processing method; preprocessing does not directly execute SQL statements, but first compiles SQL statements to generate an execution plan, and then executes SQL statements with SQL parameters through the Execute command.

• Prepare is widely used, and most ORM frameworks have API support;
• Prepare can not only improve SQL execution performance, but also prevent security problems caused by SQL injection;
• Although the syntax of Prepare is very different in each database, in general, we do not write SQL by hand, but use the ORM framework to do it;

2. The origin of prepare?

From the perspective of the mysql server executing sql, the SQL execution process includes the following stages: lexical analysis -> syntax analysis -> semantic analysis -> execution plan optimization -> execution.

The two stages of lexical analysis->grammatical analysis are called hard parsing.

• Lexical analysis identifies each word in sql;
• Syntax analysis parses whether the SQL statement conforms to the SQL syntax, and obtains a syntax tree (Lex).

For sql with different parameters but the same others, their execution time is different but the hard parsing time is the same.

As the query data changes for the same SQL, the execution time of multiple queries may be different, but the time for hard parsing is unchanged.Therefore, for the shorter SQL execution time, the higher the ratio of SQL hard parsing time to the total execution time is.

Prepare appears to optimize the problem of hard parsing.

Although Prepare can save hard parsing time in the execute phase.But if sql is only executed once and executed in prepare mode, then sql execution requires two interactions with the server (prepare and execute), while in normal (non-prepare) mode, only one interaction is required.Using prepare in this way will bring additional network overhead, which outweighs the gain.

If the same SQL needs to be executed multiple times, for example, 10 times in the prepare mode, only one hard parsing is required.At this time, the additional network overhead is negligible; therefore prepare is more suitable for frequently executed SQL.

Second, prepare for IN query

MySQL preprocessing is a set of SQL operations. It does not have a fixed syntax format, but in most cases it is used in the following 3 steps:

1. Use the PREPARE directive to predefine the SQL statement template;
2. Use the SET command to define SQL parameters;
3. Use the EXECUTE command to execute the SQL template with parameters.

1. The preprocessing IN query is invalid!

SQL:

prepare myFun from 'select * from user where id IN (?)';set @str='1,2';execute myFun using @str;

The above SQL will do three things:

1. Create preprocessing SQL (myFun), where variables are to be used are indicated with;
2. set variable @str;
3. Execute preprocessing SQL (myFun), USING followed by parameters, if there are multiple parameters (ie multiple placeholders ?) are separated by commas ,;

SQL execution result:

Judging from the SQL execution results, it is found that the preprocessing SQL is not fully effective, and only one row of records is queried; normally, two rows of records should be found;

2. Solve the problem of invalid preprocessing IN query

Replace with the following SQL:

prepare myFun from 'select * from user where FIND_IN_SET(id,?)';set @str='1,2';execute myFun using @str;

SQL execution result (as expected):

Dynamic IN queries in 3, MyBatis and JDBC

mybatis supports the dynamic sql query of in, the input parameter can be a Collection, and the bottom layer builds the content of the Collection into a string separated by commas , ; it can also be an English comma , delimited strings.

In the native jdbc, sql does not support IN to directly pass in a comma-spliced ​​string for a single placeholder, such as in ('001', '002'), which requires the developer to specify the number of parameters passed in.The number of placeholders to construct;

For example, pass in an array or List, {'001', '002'}; the in that needs to be constructed is: in(, );
Then dynamically construct the SQL statement through the PreparedStatement#setString() method.

Let me introduce myself first. The editor graduated from Jiaotong University in 2013. I worked in a small company and went to big factories such as Huawei and OPPO. I joined Ali in 2018, until now.I know that most junior and intermediate java engineers want to upgrade their skills, they often need to explore their own growth or sign up to study, but for training institutions, the tuition fee is nearly 10,000 yuan, which is really stressful.Self-learning that is not systematic is very inefficient and lengthy, and it is easy to hit the ceiling and the technology stops.Therefore, I collected a "full set of learning materials for java development" for everyone. The original intention is also very simple. I hope to help friends who want to learn by themselves but don't know where to start, and at the same time reduce everyone's burden.Add the business card below to get a full set of learning materials