Re: "WHERE 1 = 2 OR ..." makes planner choose a very inefficient plan

Claudio Freire <klaussfreire@gmail.com>

From: Claudio Freire <klaussfreire@gmail.com>
To: Simon Riggs <simon@2ndquadrant.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, dmitry potapov <potapov.dmitry@gmail.com>, pgsql-performance <pgsql-performance@postgresql.org>
Date: 2013-05-02T15:00:28Z
Lists: pgsql-performance
On Thu, May 2, 2013 at 9:48 AM, Simon Riggs <simon@2ndquadrant.com> wrote:
>>> SELECT count(k0.id)
>>> FROM k0
>>> WHERE 1 = 2
>>>     OR k0.id IN (
>>>         SELECT k1.k0_id
>>>         FROM k1
>>>         WHERE k1.k1k2_id IN (
>>>                 SELECT k2.k1k2_id
>>>                 FROM k2
>>>                 WHERE k2.t = 2
>>>                     AND (coalesce(k2.z, '')) LIKE '%12%'
>>>                 )
>>>         );
>>
...
>
> The situation shown could be the result of SQL injection attack.
>
> It would be nice to have a switch to do additional checks on SQL
> queries to ensure such injections don't cause long runtimes to return
> useless answers.

How could that be the case without becoming much much worse than large runtimes?

I don't think it's the place of the database to worry about SQL injection.