Details
- Bug
- Status: Closed
- Blocker
- Resolution: Not a Bug
- 3.1.0, 3.0.8
- None
- CentOS, ProxySQL
Description
When using ProxySQL and querying 'stats_mysql_prepared_statements_info' there are thousands of entries for statements that have been run using the ODBC SQLExecDirect statement.
For example:
SELECT col1 FROM table1 WHERE col2 = 'XXXXXXX'
SELECT col1 FROM table1 WHERE col2 = 'YYYYYYY'
SELECT col1 FROM table1 WHERE col2 = 'ZZZZZZZ'
This causes a problem on the MariaDB cluster as it reaches 'max_prepared_stmt_count'.
As the statement is already prepared and doesn't contain any '?', it should not send a prepared statement to the server; instead, it should just execute the statement as is.
When using the MySQL ODBC connector, the issue does not happen. Only the direct query is sent to the server.
This issue creates a DDoS type attack on the MariaDB servers and stops further processing until the 'max_prepared_stmt_count' drops.
The SQLExecDirect ODBC method is described as:
"Direct execution works best for statements that will be executed a single time. Its major drawback is that the SQL statement is parsed every time it is executed. In addition, the application cannot retrieve information about the result set created by the statement (if any) until after the statement is executed; this is possible if the statement is prepared and executed in two separate steps."
Therefore it should never be prepared by the server. I have updated this to be a 'Blocker' due to the possible DDoS nature of this issue.
Issue Links
- relates to ODBC-222 Make SQLExecDirect to use text protocol (i.e. mysql_query) - Closed
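An added example, not part of the original report and not code from ProxySQL or the connector: one way to spot the pattern described above is to take the query text of each entry in 'stats_mysql_prepared_statements_info', skip entries that use a '?' placeholder, mask the literals in the rest, and count how many entries collapse to the same statement shape. The sample queries are constructed, and the function names and the threshold are assumptions.

```python
import re
from collections import Counter

# Quoted string literals, including backslash escapes and doubled quotes.
_STRING = re.compile(r"'(?:[^'\\]|\\.|'')*'|\"(?:[^\"\\]|\\.|\"\")*\"")
# Stand-alone numeric literals (digits inside identifiers such as table1 are left alone).
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")


def has_placeholder(query: str) -> bool:
    """True if the statement has a '?' parameter marker outside string literals."""
    return "?" in _STRING.sub("", query)


def fingerprint(query: str) -> str:
    """Mask string and numeric literals so statements differing only in values match."""
    masked = _NUMBER.sub("?", _STRING.sub("?", query))
    return " ".join(masked.split())


def literal_only_groups(queries, threshold=3):
    """Return {statement shape: entry count} for shapes that were prepared at least
    `threshold` times with literals embedded and no parameter markers.
    `threshold` is an assumed tuning knob, not a ProxySQL setting."""
    counts = Counter(fingerprint(q) for q in queries if not has_placeholder(q))
    return {shape: n for shape, n in counts.items() if n >= threshold}


# Constructed sample: query text as it might appear in
# stats_mysql_prepared_statements_info (only the query text is used here).
SAMPLE = [
    "SELECT col1 FROM table1 WHERE col2 = 'XXXXXXX'",
    "SELECT col1 FROM table1 WHERE col2 = 'YYYYYYY'",
    "SELECT col1 FROM table1 WHERE col2 = 'ZZZZZZZ'",
    "SELECT col1 FROM table1 WHERE col2 = ?",             # properly parameterised
    "UPDATE table1 SET col1 = 5 WHERE col2 = 'is it ?'",  # '?' only inside a literal
]

if __name__ == "__main__":
    for shape, n in literal_only_groups(SAMPLE).items():
        print(f"{n} literal-only prepared statements share the shape: {shape}")
```

A shape with a high count here means each distinct literal value is occupying its own prepared statement slot, which is what pushes the server toward 'max_prepared_stmt_count'.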