个人中心
gpt4 book ai didi

sql-server - SQL Server 自定义计数器存储过程创建欺骗

转载 作者:行者123 更新时间:2023-12-02 12:24:41 24 4
gpt4 key购买 nike

我创建了一个存储过程来对我的 API 实现速率限制,每秒调用大约 5-10k 次,每天我都会注意到计数器表中存在重复的情况。

enter image description here

它查找传入的 API key ,然后使用“UPSERT”检查包含 ID 和日期组合的计数器表,如果找到结果,则执行 UPDATE [count]+1,如果没有,则插入一个新行。

计数器表中没有主键。

这是存储过程:

USE [omdb]
GO
/****** Object:  StoredProcedure [dbo].[CheckKey]    Script Date: 6/17/2017 10:39:37 PM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[CheckKey] (
@apikey AS VARCHAR(10)
)
AS
BEGIN

SET NOCOUNT ON;

DECLARE @userID as int
DECLARE @limit as int
DECLARE @curCount as int
DECLARE @curDate as Date = GETDATE()

SELECT @userID = id, @limit = limit FROM [users] WHERE apiKey = @apikey

IF @userID IS NULL
    BEGIN
        --Key not found
        SELECT 'False' as [Response], 'Invalid API key!' as [Reason]
    END
ELSE
    BEGIN
        --Key found
        BEGIN TRANSACTION Upsert
        MERGE [counter] AS t
        USING (SELECT @userID AS ID) AS s
        ON t.[ID] = s.[ID] AND t.[date] = @curDate
        WHEN MATCHED THEN UPDATE SET t.[count] = t.[count]+1
        WHEN NOT MATCHED THEN INSERT ([ID], [date], [count]) VALUES (@userID, @curDate, 1);
        COMMIT TRANSACTION Upsert

        SELECT @curCount = [count] FROM [counter] WHERE ID = @userID AND [date] = @curDate

        IF @limit IS NOT NULL AND @curCount > @limit
            BEGIN
                SELECT 'False' as [Response], 'Request limit reached!' as [Reason]
            END
        ELSE
            BEGIN
                SELECT 'True' as [Response], NULL as [Reason]
            END
    END
END

我还认为引入此 SP 后会发生一些锁定。

这些骗子并没有破坏任何东西,但我很好奇我的代码是否有根本性的错误,或者我是否应该在表中设置一个约束来防止这种情况发生。谢谢

2017 年 6 月 23 日更新:我删除了 MERGE 语句并尝试使用 @@ROWCOUNT,但它也导致了欺骗

BEGIN TRANSACTION Upsert
UPDATE [counter] SET [count] = [count]+1 WHERE [ID] = @userID AND [date] = @curDate
IF @@ROWCOUNT = 0 AND @@ERROR = 0
INSERT INTO [counter] ([ID], [date], [count]) VALUES (@userID, @curDate, 1)
COMMIT TRANSACTION Upsert

最佳答案

一个HOLDLOCK更新语句上的提示将避免竞争条件。为了防止死锁,我建议在 ID 上使用聚集复合主键(或唯一索引)。和date .

下面的示例合并了这些更改并使用 SET <variable> = <column> = <expression> SET 的形式子句以避免后续 SELECT 的需要最终计数器值,从而提高性能。

ALTER PROCEDURE [dbo].[CheckKey]
    @apikey AS VARCHAR(10)
AS

SET NOCOUNT ON;
--SET XACT_ABORT ON is a best practice for procs with explcit transactions
SET XACT_ABORT ON; 

DECLARE
      @userID as int
    , @limit as int
    , @curCount as int
    , @curDate as Date = GETDATE();

BEGIN TRY;

    SELECT
          @userID = id
        , @limit = limit 
    FROM [users] 
    WHERE apiKey = @apikey;

    IF @userID IS NULL
    BEGIN
        --Key not found
        SELECT 'False' as [Response], 'Invalid API key!' as [Reason];
    END
    ELSE
    BEGIN
        --Key found
        BEGIN TRANSACTION Upsert;

        UPDATE [counter] WITH(HOLDLOCK) 
        SET @curCount = [count] = [count] + 1 
        WHERE
            [ID] = @userID 
            AND [date] = @curDate;

            IF @@ROWCOUNT = 0
            BEGIN    
                INSERT INTO [counter] ([ID], [date], [count]) 
                    VALUES (@userID, @curDate, 1);
            END;

        IF @limit IS NOT NULL AND @curCount > @limit
        BEGIN
            SELECT 'False' as [Response], 'Request limit reached!' as [Reason]
        END
        ELSE
        BEGIN
            SELECT 'True' as [Response], NULL as [Reason]
        END;

        COMMIT TRANSACTION Upsert;

    END;

END TRY
BEGIN CATCH
    IF @@TRANCOUNT > 0 ROLLBACK;
    THROW;
END CATCH;
GO

关于sql-server - SQL Server 自定义计数器存储过程创建欺骗,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44611738/

24 4 0
文章推荐: elasticsearch - 带有 filebeat 的 K8s Elasticsearch 在重启后保持 'not ready'
文章推荐: java - 我无法在图形顶部显示按钮
文章推荐: kubernetes - 我可以对节点设置 CPU 限制吗?
文章推荐: java - Spring Boot高级查询
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com