The perils of Non-Use of Bind Variables in Oracle

The biggest problem in many applications is the non-use of bind variables.  Oracle bind variables are a super important way to make Oracle SQL reentrant.

Why is the use of bind variables such an issue?

Oracle uses a signature generation algorithm to assign a hash value to each SQL statement based on the characters in the SQL statement. Any change in a statement (generally speaking) will result in a new hash and thus Oracle assumes it is a new statement. Each new statement must be verified, parsed and have an execution plan generated and stored, all high overhead procedures.

The high overhead procedures might be avoided by using bind variables. See these notes on Oracle cursor_sharing for details.

Ad-hoc query generators (Crystal Reports, Discoverer, Business Objects) do not use bind variables, a major reason for Oracle developing the cursor_sharing parameter to force SQL to use bind variables (when cursor_sharing=force).

Bind variables and shared pool usage

Use of bind variables can have a huge impact on the stress in the shared pool and it is important to know about locating similar SQL in Oracle.  This script shows how to check your shared pool for SQL that is using bind variables. Below is an example output of a database that is utilizing bind variables and the SQL is fully reentrant:

When SQL is placed within PL/SQL, the embedded SQL never changes and a single library cache entry will be maintained and searched, greatly improving the library cache hit ratio and reducing parsing overhead. 

Here are some particularly noteworthy advantages of placing SQL within Oracle stored procedures and packages:

• High productivity:  PL/SQL is a language common to all Oracle environments. Developer productivity is increased when applications are designed to use PL/SQL procedures and packages because it avoids the need to rewrite code.  Also, the migration complexity to different programming environments and front-end tools will be greatly reduced because Oracle process logic code is maintained inside the database with the data, where it belongs.  The application code becomes a simple "shell" consisting of calls to stored procedures and functions.

• Improved Security:  Making use of the "grant execute" construct, it is possible to restrict access to Oracle, enabling the user to run only the commands that are inside the procedures. For example, it allows an end user to access one procedure that has a command delete in one particular table instead of granting the delete privilege directly to the end user. The security of the database is further improved since you can define which variables, procedures and cursors will be public and which will be private, thereby completely limiting access to those objects inside the PL/SQL package.  With the "grant" security model, back doors like SQL*Plus can lead to problems; with "grant execute" you force the end-user to play by your rules.

• Application portability:  Every application written in PL/SQL can be transferred to any other environment that has the Oracle Database installed regardless of the platform.  Systems that consist without any embedded PL/SQL or SQL become "database agnostic" and can be moved to other platforms without changing a single line of code.

• Code Encapsulation: Placing all related stored procedures and functions into packages allows for the encapsulation of storage procedures, variables and datatypes in one single program unit in the database, making packages perfect for code organization in your applications.

• Global variables and cursors:  Packages can have global variables and cursors that are available to all the procedures and functions inside the package. 

The bind variables play a vital role in the memory management and performance enhancement in dynamic SQL processing. When an SQL query is executed multiple times with different hard-coded values, it parses every single time based on the unique hard-coded values as like below,

By executing the V$SQL view with the appropriate columns, the parsing information related to the above statements can be gathered as like below,

In the above result set, all three queries are parsed with different hash values.

However, when the query statement uses a bind variable instead of the hard-coded value, the query doesn’t parse for the multiple values of the bind variable but only once irrespective of the number of executions.

Now, the below V$SQL query results as,

By examining the above result set, it shows that only one instance of the query is parsed irrespective of the number of times the statement is executed. The reason behind this behavior is, the parsing of the query happens right before the bind value assignment thus, the query is common to multiple bind values. Failing to use the bind variables may fill up the shared pool space with a large number of identical queries resulting in bad performance and resource containment.

In the below anonymous block, the employee IDs 100 through 105 are deleted from the employees table by dynamically assigning the table name and the column name in the run time.

Here, as stated in the above cases, the above anonymous block can be effectively modified by using the bind value as like below,

Other notes on using bind variables includes: