 | |
Re: [BUGS] partial indexes not used on parameterized queries?
mailing.database.pgsql-bugs mailing.database.pgsql-bugs
 |
| | Thread Tools | Display Modes |
#1
 
| |||
| |||
|
Re: [BUGS] partial indexes not used on parameterized queries? -
07-10-2006
, 06:52 AM
|
we are using postgresql 8.1.4 and found that partial indexes are not being used when the query is run using parameters, eg. in a function. When running the same query with arguments passed in the query string partial indexes are being used. Any clues? Has this behaviour changed for a while? |
The index can only be used if we know at plan time that the index
predicate is true for all times that the query is executed. We cannot
know this for the exact query and index combination you have requested.
If we acted differently, your query would return the wrong answer in
some circumstances.
I can't find anything in the manual that explains this distinction.
Here's an example that explains this more easily:
If your index looked like this
CREATE INDEX c_6000_index ON consumption (voi)=20
WHERE=20
code > 5000
AND val1 IS NULL;
and your query like this
UPDATE c=20
SET val1=3D1784=20
WHERE=20
( code > 6000
AND val1 IS NULL )
AND code =3D ?=20
AND voi =3D '1923328-8-0-0';
....then the index could be used, because the index predicate is implied
by part of the query clause for all values of the parameter.
So its best to look for some other static definition of the index.
I'll submit a doc patch.
--=20
Simon Riggs
EnterpriseDB http://www.enterprisedb.com
---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo (AT) postgresql (DOT) org so that your
message can get through to the mailing list cleanly
#2
| |||
| |||
|
|
In any case I would see this as a security problem because you cannot control sql code injection easily (as with using DBD::Pg) if you have to pass parameters in the SQL string to use partial indexes. |
behaviour.
--=20
Simon Riggs
EnterpriseDB http://www.enterprisedb.com
---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
#3
| |||
| |||
|
|
Hi Simon, are you sure this has not been changed? I'm pretty sure my code worked a= =20 while ago. We are using Perl DBD::Pg on the client side and almost never = pass=20 parameters inside the SQL string for security reasons. I can't say if it= =20 broke from 8.0 -> 8.1 for us or in one of the minor 8.1 releases. |
Older versions of DBD::Pg simulated prepared statements behind the
scenes so your postgresql server got to plan every query individually.
You might want to switch of server side prepares for your specific=20
query and see if that helps. See the description of the pg_server_prepare
in the DBD::Pg manpage on how to go about this.
Quote:
|
In any case I would see this as a security problem because you cannot con= trol=20 sql code injection easily (as with using DBD::Pg) if you have to pass=20 parameters in the SQL string to use partial indexes. |
defense against sql code injection.
Greetings
Christian
--=20
Christian Kratzer ck (AT) cksoft (DOT) de
CK Software GmbH http://www.cksoft.de/
Phone: +49 7452 889 135 Fax: +49 7452 889 136
---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo (AT) postgresql (DOT) org so that your
message can get through to the mailing list cleanly
|
« Previous Thread
|
Next Thread »
| Thread Tools | |
| Display Modes | |
Linear Mode
| |
Powered by vBulletin Version 3.5.3
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.