Prepared statements
Dynamic statements and SQL injection
- A SQL statement assembled at runtime is just a string; TiDB parses that string into an executable statement, so any text spliced into it (including user input) is interpreted as SQL.
mysql> select * from s1;
+------+
| id   |
+------+
| B    |
| B,C  |
+------+
2 rows in set (0.00 sec)
mysql> delete from s1 where id='B' or 'B'='B';
Query OK, 2 rows affected (0.01 sec)
The intended statement was delete from s1 where id='B'. Because the value was spliced into the text as-is, the trailing or 'B'='B' became part of the WHERE clause; that condition is true for every row, so both rows were deleted instead of one.
Prepared statements
- A prepared statement fixes the structure of the SQL at PREPARE time; values supplied later through ? placeholders are bound as data and cannot change the shape of the statement (this is the property that defeats the injection above).
- The statement is parsed once; each EXECUTE skips SQL parsing, which saves time and improves throughput.
tidb> PREPARE check_query FROM 'select name,gravity,global_magnetic_field from universe.planets where global_magnetic_field = 1 and (gravity between ? and ?)';
tidb> SET @low=5;
tidb> SET @high=10;
tidb> EXECUTE check_query USING @low, @high;
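The following is an added example, not taken from the page or from TiDB's own documentation. It replays the s1 deletion from above on a throwaway table (demo_s1, with the same two rows; table name and data are assumptions for illustration) and shows the same attacker string first spliced into the statement text and then passed to a prepared statement as a bound value. The PREPARE/EXECUTE/DEALLOCATE syntax is the MySQL-compatible form that TiDB accepts.

```sql
-- Added example: constructed table, not from the original page.
CREATE TABLE IF NOT EXISTS demo_s1 (id VARCHAR(16) PRIMARY KEY);
INSERT INTO demo_s1 VALUES ('B'), ('B,C');

-- 1. Dynamic SQL. If the application concatenates the user-supplied value
--    B' or 'B'='B  directly into the statement text, the server receives
--    the statement below. The spliced-in tautology makes the WHERE clause
--    true for every row, so the whole table is emptied.
--    (Kept as a comment so that running this file does not destroy the data.)
-- DELETE FROM demo_s1 WHERE id='B' or 'B'='B';

-- 2. Prepared statement. The structure is fixed here; the ? is a value slot.
PREPARE del_by_id FROM 'DELETE FROM demo_s1 WHERE id = ?';

-- Exactly the same attacker string, supplied as one bound value
-- (doubled single quotes are the literal's escaping for a single quote).
SET @uid = 'B'' or ''B''=''B';
-- The value is compared as a whole against id; no row has that id,
-- so nothing is deleted and the statement structure is unchanged.
EXECUTE del_by_id USING @uid;
SELECT * FROM demo_s1;

-- A legitimate value removes only the intended row.
SET @uid = 'B';
EXECUTE del_by_id USING @uid;
SELECT * FROM demo_s1;

DEALLOCATE PREPARE del_by_id;
DROP TABLE demo_s1;
```

Two caveats worth keeping in mind. Placeholders bind values only: a table name, column name, or ORDER BY direction cannot be passed through ?, so any identifier that comes from outside still has to be validated against an allow-list before it is concatenated. And the protection comes from binding, not from the PREPARE keyword: a program that builds the statement string from user input and then calls PREPARE on it is exactly as injectable as the dynamic version.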