If you've read anything about writing OLTP applications that talk to Oracle databases, you will know that bind variables are very important.
Each time a SQL statement is sent to the database, an exact text match is performed to see if the statement is already present in the shared pool. If no matching statement is found, a hard parse is performed, which is a resource-intensive process. If the statement is found in the shared pool, this step is not necessary and a soft parse is performed. Concatenating variable values into a SQL statement makes the statement unique, forcing a hard parse. By contrast, using bind variables allows reuse of statements, as the text of the statement remains the same. Only the value of the bind variable changes.
Bind Peeking
If bind variables are so grand, why not enable them by default, everywhere? The problem lies in what is referred to as bind peeking. When Oracle encounters a statement with bind variables for the very first time, it looks at the literals supplied, checks the histogram (if available), and then fixes the execution plan.
Why do we care?
- Holding many similar SQL statements in the shared pool is a waste of memory.
- Filling the shared pool with similar statements will cause well-written statements to get paged out of the shared pool quickly, forcing them to be reparsed as well.
- Parsing SQL statements is a resource-intensive process. Reducing the number of hard parses results in reduced CPU usage.
- Bind variables protect against SQL Injection.
In the sections below you will see the impact of using literals, substitution variables and bind variables in your code.
Literals
- Use the %Bind construct to retrieve a field value from a state record. You can use %Bind anywhere in a SQL statement. When run, %Bind returns the value of the state record field identified within its parentheses.
- Bind variables are variables you create in SQL*Plus and then reference in PL/SQL. If you create a bind variable in SQL*Plus, you can use the variable as you would a declared variable in your PL/SQL subprogram and then access the variable from SQL*Plus.
- Use bind variables that intelligently pick the right plan every time and make sure a new execution plan is perfect before it's used. By now many of you have heard an earful about how using bind variables enhances performance; for those who haven't, let me try to explain the core concepts in as simple a manner as I can.
The following example shows the effect of using literals on the shared pool. First the shared pool is cleared of previously parsed statements. Then two queries are issued, both specifying literal values in the WHERE clause. Finally the contents of the shared pool are displayed by querying the V$SQL view.
From this we can see that both queries were parsed separately.
Substitution Variables
Substitution variables are a feature of the SQL*Plus tool. They have nothing to do with the way SQL is processed by the database server. When a substitution variable is used in a statement, SQL*Plus requests an input value and rewrites the statement to include it. The rewritten statement is passed to the database. As a result, the database server knows nothing of the substitution variable. The following example illustrates this by repeating the previous test, this time using substitution variables.
Once again, both statements were parsed separately. As far as the database server is concerned, literals and substitution variables are the same thing.
Exactly the same behavior occurs when scripts contain placeholders to allow parameters to be sent to them from the command line. So for example, imagine a script called 'dummy.sql' containing the following.
This can be called from SQL*Plus like this.
When run, the placeholder '&1' will be replaced by the value 'MyValue'. This is just the same as a substitution variable.
Bind Variables
The following example illustrates the effect of bind variable usage on the shared pool. It follows the same format as the previous examples.
This clearly demonstrates that the same SQL statement was executed twice.
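The three tests described in the Literals, Substitution Variables and Bind Variables sections can be run as one SQL*Plus script. This is an added example, not the article's original listings; it assumes a test instance, a user with ALTER SYSTEM and SELECT on V$SQL, and constructed values (LITERAL1, SUBST1, BIND1 and so on).

```sql
-- Added example: compares how literals, substitution variables and bind
-- variables appear in the shared pool. All values are constructed.
SET VERIFY OFF

-- Clear previously parsed statements (test systems only).
ALTER SYSTEM FLUSH SHARED_POOL;

-- 1. Literals: the two statement texts differ, so each is parsed separately.
SELECT COUNT(*) FROM dual WHERE dummy = 'LITERAL1';
SELECT COUNT(*) FROM dual WHERE dummy = 'LITERAL2';

-- 2. Substitution variables: SQL*Plus rewrites the text on the client,
--    so the server again receives two different literal statements.
DEFINE sub_val = SUBST1
SELECT COUNT(*) FROM dual WHERE dummy = '&sub_val';
DEFINE sub_val = SUBST2
SELECT COUNT(*) FROM dual WHERE dummy = '&sub_val';

-- 3. Bind variable: the statement text is identical both times and only
--    the bound value changes, so the existing cursor is reused.
VARIABLE bind_val VARCHAR2(10)
EXEC :bind_val := 'BIND1'
SELECT COUNT(*) FROM dual WHERE dummy = :bind_val;
EXEC :bind_val := 'BIND2'
SELECT COUNT(*) FROM dual WHERE dummy = :bind_val;

-- List the cursors created above. The prefix match excludes this query
-- itself, because its own text starts with "SELECT sql_text".
COLUMN sql_text FORMAT A60
SELECT sql_text, executions
FROM   v$sql
WHERE  sql_text LIKE 'SELECT COUNT(*) FROM dual WHERE dummy%'
ORDER  BY sql_text;
```

The EXECUTIONS column distinguishes a statement that was reused from statements that each needed their own cursor.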
Performance Issues
The following example measures the amount of CPU used by a session for hard and soft parses when using literals. The shared pool is flushed and a new session is started. Dynamic SQL is used to mimic an application sending 10 statements to the database server. Notice that the value of the loop index is concatenated into the string, rather than using a bind variable. The CPU usage is retrieved from the V$MYSTAT view by querying the 'parse time cpu' statistic. This statistic represents the total CPU time used for parsing (hard and soft) in 10s of milliseconds. The statements present in the shared pool are also displayed.
The results show that 630 milliseconds of CPU time were used on parsing during the session. In addition, the shared pool contains 10 similar statements using literals.
The following example is a repeat of the previous example, this time using bind variables. Notice that the USING clause is used to supply the loop index, rather than concatenating it into the string.
The results show that 400 milliseconds of CPU time were used on parsing during the session, less than two thirds the amount used in the previous example. As expected, there is only a single statement in the shared pool.
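The two measurements can be sketched as follows. This is an added example, not the article's original listing: it runs both loops in one session and reports the change in 'parse time cpu' around each, rather than starting a new session per test, and it assumes SELECT access to V$MYSTAT, V$STATNAME and V$SQL.

```sql
-- Added example: parse CPU for concatenated literals versus a bind variable.
-- Flush the shared pool on a test system first so both loops start cold.
SET SERVEROUTPUT ON
DECLARE
  l_count  NUMBER;
  l_start  NUMBER;

  -- Cumulative 'parse time cpu' for this session, in units of 10 ms.
  FUNCTION parse_cpu RETURN NUMBER IS
    l_value NUMBER;
  BEGIN
    SELECT ms.value INTO l_value
    FROM   v$mystat ms
           JOIN v$statname sn ON sn.statistic# = ms.statistic#
    WHERE  sn.name = 'parse time cpu';
    RETURN l_value;
  END;
BEGIN
  -- Literals: the loop index is concatenated into the text, so the server
  -- receives 10 different statements.
  l_start := parse_cpu;
  FOR i IN 1 .. 10 LOOP
    EXECUTE IMMEDIATE
      'SELECT COUNT(*) FROM dual WHERE dummy = TO_CHAR(' || i || ')'
      INTO l_count;
  END LOOP;
  DBMS_OUTPUT.put_line('literals : ' || (parse_cpu - l_start) * 10 || ' ms');

  -- Bind variable: one statement text, the index is supplied with USING.
  l_start := parse_cpu;
  FOR i IN 1 .. 10 LOOP
    EXECUTE IMMEDIATE
      'SELECT COUNT(*) FROM dual WHERE dummy = TO_CHAR(:idx)'
      INTO l_count USING i;
  END LOOP;
  DBMS_OUTPUT.put_line('bind var : ' || (parse_cpu - l_start) * 10 || ' ms');
END;
/

-- Statements left in the shared pool by the two loops.
SELECT sql_text, executions
FROM   v$sql
WHERE  sql_text LIKE 'SELECT COUNT(*) FROM dual WHERE dummy = TO_CHAR(%';
```

With only 10 statements the timings are small and vary between runs; increasing the loop count makes the difference easier to see.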
These simple examples clearly show how replacing literals with bind variables can save both memory and CPU, making OLTP applications faster and more scalable. If you are using third-party applications that don't use bind variables, you may want to consider setting the CURSOR_SHARING parameter, but this should not be considered a replacement for bind variables. The CURSOR_SHARING parameter is less efficient and can potentially reduce performance compared to proper use of bind variables.
SQL Injection
Concatenating strings together with user input to form an SQL statement is a classic way to allow an SQL injection attack against your system. If you use bind variables for user input, the statement can't be attacked with an SQL injection attack. The statement is fixed. Only the bind variable value changes.
If for some reason you can't use a bind variable, you must sanitise the user input. This can be done using the DBMS_ASSERT package, described here.
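The difference between concatenation, a bind variable and DBMS_ASSERT can be seen side by side in the following added example, which is not from the original article. The table demo_users, its rows and both input strings are constructed for the demonstration.

```sql
-- Added example: the same user input handled three ways.
CREATE TABLE demo_users (username VARCHAR2(30));
INSERT INTO demo_users VALUES ('alice');
INSERT INTO demo_users VALUES ('bob');
COMMIT;

SET SERVEROUTPUT ON
DECLARE
  -- Constructed input: matches no username, but carries an always-true clause.
  l_input  VARCHAR2(100) := 'nobody'' OR ''1''=''1';
  -- Constructed input for an identifier: not a simple SQL name.
  l_table  VARCHAR2(100) := 'demo_users, dual';
  l_count  NUMBER;
  e_invalid_name EXCEPTION;
  PRAGMA EXCEPTION_INIT(e_invalid_name, -44003);  -- ORA-44003: invalid SQL name
BEGIN
  -- Vulnerable: the input becomes part of the statement text, so the
  -- extra clause is parsed as SQL and changes what the query matches.
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM demo_users WHERE username = ''' || l_input || ''''
    INTO l_count;
  DBMS_OUTPUT.put_line('concatenated : ' || l_count || ' row(s) matched');

  -- Fixed: the statement text is constant and the input is only a value.
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM demo_users WHERE username = :name'
    INTO l_count USING l_input;
  DBMS_OUTPUT.put_line('bind variable: ' || l_count || ' row(s) matched');

  -- Identifiers such as table names cannot be bound, so they are checked
  -- with DBMS_ASSERT before being concatenated; values are still bound.
  BEGIN
    EXECUTE IMMEDIATE
      'SELECT COUNT(*) FROM ' || DBMS_ASSERT.simple_sql_name(l_table) ||
      ' WHERE username = :name'
      INTO l_count USING l_input;
  EXCEPTION
    WHEN e_invalid_name THEN
      DBMS_OUTPUT.put_line('table name rejected by DBMS_ASSERT');
  END;
END;
/

DROP TABLE demo_users PURGE;
```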
Hope this helps. Regards Tim..