Consider the following:
<cfquery name="aQuery" datasource="#aSource#">
SELECT aColumn
FROM aTable
WHERE bColumn = <cfqueryparam value="#aVariable#" cfsqltype="#aSqlType#" />
AND cColumn = 'someConstant'
AND dColumn is null
</cfquery>
If I change
AND cColumn = 'someConstant'
to
AND cColumn = <cfqueryparam value="someConstant" cfsqltype="#aSqlType#" />
Is there a potential performance improvement? Is there potential to hurt performance?
What if I do the same (use cfqueryparam) with AND dColumn is null
?
My findings have been inconclusive.
If it's important, assume ColdFusion9 and Oracle db 11g.
EDIT:
I'd just like to reiterate that I'm asking about cfqueryparam tags being used specifically with constants and/or null values and the performance remifications, if any.
Is there a potential performance improvement?
No. Bind variables are most useful when varying parameters are involved. Without them, the database would generate a new execution plan every time the query parameters changed (which is expensive). Bind variables encourage the database to cache and reuse a single execution plan, even when the parameters change. This saves the cost of compiling, boosting performance. There is really no benefit with constants. Since the value never changes, the database will always reuse the execution plan. So there is not much reason to use it on constants.
Is there potential to hurt performance?
I have a seen a few mentions of special cases where using bind variables on constants may actually degrade performance. But that is really on a case-by-case basis.
- http://decipherinfosys.wordpress.com/2007/04/02/scenario-for-using-a-constant-instead-of-a-bind-variable-in-an-oltp-system/
- http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:24110#121568
I don't think so, since you already have one <cfqueryparam>
and that will turn it into a prepared statement, but I'm not sure.
Using a query param will help in 2 ways.
First, it will protect you from SQLI. It will add a level of protection to make sure that the data in the param is what is expected.
Secondly, you will see a performance increase. However, the increase depends on the data schema and indexes. The param will allow for the database to cache the query plan. This speeds up the initial overhead of the query execution. The more complex the query, the more important is becomes to cache the query plan.
Also, make sure you have a covering indexes for all the columns in the where clause and that they are in the correct order. If not, the query optimizer may opt to ignore the indexes and go directly to doing table scans.