From: | "W(dot) Matthew Wilson" <matt(at)tplus1(dot)com> |
---|---|
To: | Daniele Varrazzo <daniele(dot)varrazzo(at)gmail(dot)com> |
Cc: | "psycopg(at)postgresql(dot)org" <psycopg(at)postgresql(dot)org> |
Subject: | Re: Is passing a list as a bound variable safe from SQL injection? |
Date: | 2013-10-02 16:31:50 |
Message-ID: | CAGHfCUDMq1uAstus-6qgjt3df45G9smGmqWZn4caWMXEXTfDfw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | psycopg |
On Wed, Oct 2, 2013 at 12:17 PM, Daniele Varrazzo <
daniele(dot)varrazzo(at)gmail(dot)com> wrote:
> What other approach? Not using IN: the IN operator is converted to "=
> any(array)" by the postgres parser:
>
> =# explain select * from x where id in (1,2,3,4,5);
> QUERY PLAN
> ------------------------------------------------------------
> Seq Scan on x (cost=0.00..6.58 rows=5 width=51)
> Filter: (id = ANY ('{1,2,3,4,5}'::integer[]))
>
> It is true that this can be very inefficient for long lists, I've
> experimented it myself several times, but it's not something you can
> change at driver level: creating a temp table to join on can be faster
> even for not very long lists.
>
>
> -- Daniele
>
This is the approach (and it does involve very long lists):
http://www.datadoghq.com/2013/08/100x-faster-postgres-performance-by-changing-1-line/
Instead of writing = any(array[1,2,3,4]), they wrote = any(values (1), (2),
(3), (4), )
and somehow that works more quickly.
Would it be possible to make a python list subclass that converts itself to
"values ( ... )" rather than to "array[ ... ]"? I imagine that this might
be useful for these gigantic lists.
Matt
--
W. Matthew Wilson
matt(at)tplus1(dot)com
http://tplus1.com
From | Date | Subject | |
---|---|---|---|
Next Message | Federico Di Gregorio | 2013-10-03 07:53:45 | Re: Is passing a list as a bound variable safe from SQL injection? |
Previous Message | Daniele Varrazzo | 2013-10-02 16:17:11 | Re: Is passing a list as a bound variable safe from SQL injection? |