SQL最佳实践指南：提升查询性能、安全与可读性的完整教程

sql-best-practices by mindrally/skills

122 周安装量

58 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/mindrally/skills --skill sql-best-practices

数据库代码规范性能优化

🇨🇳中文介绍

SQL 最佳实践

核心原则

编写清晰、可读的 SQL，保持格式一致并使用有意义的别名
通过适当的索引和优化优先考虑查询性能
实施安全最佳实践以防止 SQL 注入
适当使用事务以确保数据完整性
使用内联注释记录复杂查询

查询编写标准

格式与风格

SQL 关键字使用大写（SELECT, FROM, WHERE, JOIN）
为提高可读性，将每个主要子句放在新的一行
使用有意义的表别名（例如 customers AS c，而不是 customers AS x）
一致地缩进子查询和嵌套条件
对齐列列表和条件以增强视觉清晰度

SELECT
    c.customer_id,
    c.customer_name,
    o.order_date,
    o.total_amount
FROM customers AS c
INNER JOIN orders AS o ON c.customer_id = o.customer_id
WHERE o.order_date >= '2024-01-01'
    AND o.status = 'completed'
ORDER BY o.order_date DESC;

列选择

在生产代码中避免使用 SELECT *；明确列出所需列
使用列别名来澄清输出：

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

相关 Skills

Azure PostgreSQL 无密码身份验证配置指南：Entra ID 迁移与访问管理

34,800 周安装

PostgreSQL表设计最佳实践：核心规则、数据类型选择与常见陷阱详解

12,500 周安装

代码审查最佳实践指南：完整流程、安全与性能审查清单

12,400 周安装

Supabase 使用指南：安全最佳实践、CLI 命令与 MCP 服务器配置

3,600 周安装

SELECT first_name AS "First Name"

考虑 SELECT 中列的顺序以实现逻辑分组

在 WHERE 子句中，将限制性最强的条件放在前面
使用适当的运算符：优先使用 IN 而非多个 OR 条件
检查存在性时，在子查询中使用 EXISTS 而不是 IN
尽可能避免在 WHERE 子句中对索引列使用函数
使用参数化查询以防止 SQL 注入

-- 推荐：使用 EXISTS 进行存在性检查
SELECT c.customer_name
FROM customers AS c
WHERE EXISTS (
    SELECT 1 FROM orders AS o
    WHERE o.customer_id = c.customer_id
    AND o.order_date > '2024-01-01'
);

-- 避免：对索引列使用函数
WHERE YEAR(order_date) = 2024

-- 推荐：范围比较
WHERE order_date >= '2024-01-01' AND order_date < '2025-01-01'

始终使用显式 JOIN 语法，而不是在 WHERE 中使用隐式连接
明确指定连接类型（INNER, LEFT, RIGHT, FULL OUTER）
尽可能按从大到小的表顺序进行连接
根据数据需求使用适当的连接类型
谨慎使用 CROSS JOIN；确保其是有意为之

-- 显式连接（推荐）
SELECT c.name, o.order_id
FROM customers AS c
INNER JOIN orders AS o ON c.customer_id = o.customer_id;

-- 避免隐式连接
SELECT c.name, o.order_id
FROM customers c, orders o
WHERE c.customer_id = o.customer_id;

在 WHERE、JOIN 和 ORDER BY 子句中使用的列上创建索引
对于多列查询，考虑使用复合索引
避免过度索引；每个索引都会增加写入开销
定期分析和维护索引
对频繁执行的查询使用覆盖索引

使用 EXPLAIN/EXPLAIN ANALYZE 来理解查询执行计划
当不需要完整结果集时，使用 TOP/LIMIT 限制结果集
对大型结果集使用分页
尽可能避免相关子查询；改用 JOIN
考虑对频繁执行的查询进行查询缓存

-- 分页示例
SELECT product_id, product_name, price
FROM products
ORDER BY product_id
LIMIT 20 OFFSET 40;

尽可能在分组前进行过滤（使用 WHERE 而非 HAVING）
使用适当的聚合函数（COUNT, SUM, AVG 等）
考虑使用窗口函数进行累计和排名

-- 高效：在聚合前过滤
SELECT category_id, COUNT(*) AS product_count
FROM products
WHERE active = true
GROUP BY category_id
HAVING COUNT(*) > 10;

尽可能缩短事务持续时间
根据您的用例使用适当的事务隔离级别
始终包含带有 ROLLBACK 的错误处理
避免在事务打开期间进行用户交互
对复杂的多步骤操作使用保存点

BEGIN TRANSACTION;

UPDATE accounts SET balance = balance - 100 WHERE account_id = 1;
UPDATE accounts SET balance = balance + 100 WHERE account_id = 2;

IF @@ERROR <> 0
    ROLLBACK TRANSACTION;
ELSE
    COMMIT TRANSACTION;

始终使用参数化查询或预编译语句
切勿将用户输入直接拼接到 SQL 字符串中
对数据库用户应用最小权限原则
审计和记录敏感数据访问
对静态和传输中的敏感数据进行加密

-- 使用参数化查询（伪代码）
PREPARE stmt FROM 'SELECT * FROM users WHERE username = ?';
EXECUTE stmt USING @username;

数据修改最佳实践

始终明确指定列名
尽可能对多行使用批量插入
考虑使用 MERGE/UPSERT 来处理插入或更新场景

INSERT INTO customers (customer_name, email, created_at)
VALUES
    ('John Doe', 'john@example.com', CURRENT_TIMESTAMP),
    ('Jane Smith', 'jane@example.com', CURRENT_TIMESTAMP);

始终包含 WHERE 子句（除非有意更新所有行）
先用 SELECT 测试 UPDATE 查询
对关键更新考虑使用事务

始终包含 WHERE 子句
对可恢复数据使用软删除（状态标志）
考虑对相关表的级联影响

表和列名使用 snake_case
表名使用单数名词（customer，而不是 customers）
主键使用表名前缀：customer_id
使用描述性名称：order_total 而不是 ot
适当为布尔列添加前缀：is_active, has_shipped

在查询内注释复杂的业务逻辑
记录存储过程的目的、参数和示例
维护数据字典以描述表和列
对数据库模式变更进行版本控制

在存储过程中实施适当的错误处理
记录错误并提供足够的上下文以便调试
向调用应用程序返回有意义的错误消息
在支持的地方使用 TRY-CATCH 块

🇺🇸English

SQL Best Practices

Core Principles

Write clear, readable SQL with consistent formatting and meaningful aliases
Prioritize query performance through proper indexing and optimization
Implement security best practices to prevent SQL injection
Use transactions appropriately for data integrity
Document complex queries with inline comments

Query Writing Standards

Formatting and Style

Use uppercase for SQL keywords (SELECT, FROM, WHERE, JOIN)
Place each major clause on a new line for readability
Use meaningful table aliases (e.g., customers AS c not customers AS x)
Indent subqueries and nested conditions consistently
Align column lists and conditions for visual clarity

SELECT c.customer_id, c.customer_name, o.order_date, o.total_amount FROM customers AS c INNER JOIN orders AS o ON c.customer_id = o.customer_id WHERE o.order_date >= '2024-01-01' AND o.status = 'completed' ORDER BY o.order_date DESC;

Column Selection

Avoid SELECT * in production code; explicitly list required columns
Use column aliases to clarify output: SELECT first_name AS "First Name"
Consider the order of columns in SELECT for logical grouping

Filtering and Conditions

Place most restrictive conditions first in WHERE clauses
Use appropriate operators: prefer IN over multiple OR conditions
Use EXISTS instead of IN for subqueries when checking existence
Avoid functions on indexed columns in WHERE clauses when possible
Use parameterized queries to prevent SQL injection

-- Preferred: Use EXISTS for existence checks SELECT c.customer_name FROM customers AS c WHERE EXISTS ( SELECT 1 FROM orders AS o WHERE o.customer_id = c.customer_id AND o.order_date > '2024-01-01' );

-- Avoid: Function on indexed column WHERE YEAR(order_date) = 2024

-- Preferred: Range comparison WHERE order_date >= '2024-01-01' AND order_date < '2025-01-01'

Join Best Practices

Always use explicit JOIN syntax instead of implicit joins in WHERE
Specify join type explicitly (INNER, LEFT, RIGHT, FULL OUTER)
Order joins from largest to smallest table when possible
Use appropriate join types based on data requirements
Be cautious with CROSS JOINs; ensure they are intentional

-- Explicit join (preferred) SELECT c.name, o.order_id FROM customers AS c INNER JOIN orders AS o ON c.customer_id = o.customer_id;

-- Avoid implicit join SELECT c.name, o.order_id FROM customers c, orders o WHERE c.customer_id = o.customer_id;

Performance Optimization

Indexing Guidelines

Create indexes on columns used in WHERE, JOIN, and ORDER BY clauses
Consider composite indexes for multi-column queries
Avoid over-indexing; each index adds write overhead
Regularly analyze and maintain indexes
Use covering indexes for frequently executed queries

Query Optimization

Use EXPLAIN/EXPLAIN ANALYZE to understand query execution plans
Limit result sets with TOP/LIMIT when full results are not needed
Use pagination for large result sets
Avoid correlated subqueries when possible; use JOINs instead
Consider query caching for frequently executed queries

-- Pagination example SELECT product_id, product_name, price FROM products ORDER BY product_id LIMIT 20 OFFSET 40;

Aggregation Best Practices

Filter before grouping when possible (WHERE vs HAVING)
Use appropriate aggregate functions (COUNT, SUM, AVG, etc.)
Consider window functions for running totals and rankings

-- Efficient: Filter before aggregation SELECT category_id, COUNT() AS product_count FROM products WHERE active = true GROUP BY category_id HAVING COUNT() > 10;

Transaction Management

Keep transactions as short as possible
Use appropriate isolation levels for your use case
Always include error handling with ROLLBACK
Avoid user interaction during open transactions
Use savepoints for complex multi-step operations

BEGIN TRANSACTION;

UPDATE accounts SET balance = balance - 100 WHERE account_id = 1; UPDATE accounts SET balance = balance + 100 WHERE account_id = 2;

IF @@ERROR <> 0 ROLLBACK TRANSACTION; ELSE COMMIT TRANSACTION;

Security Best Practices

Always use parameterized queries or prepared statements
Never concatenate user input directly into SQL strings
Apply principle of least privilege for database users
Audit and log sensitive data access
Encrypt sensitive data at rest and in transit

-- Use parameterized queries (pseudo-code) PREPARE stmt FROM 'SELECT * FROM users WHERE username = ?'; EXECUTE stmt USING @username;

Data Modification Best Practices

INSERT Operations

Always specify column names explicitly
Use bulk inserts for multiple rows when possible
Consider using MERGE/UPSERT for insert-or-update scenarios

INSERT INTO customers (customer_name, email, created_at) VALUES ('John Doe', 'john@example.com', CURRENT_TIMESTAMP), ('Jane Smith', 'jane@example.com', CURRENT_TIMESTAMP);

UPDATE Operations

Always include a WHERE clause (unless intentionally updating all rows)
Test UPDATE queries with SELECT first
Consider using transactions for critical updates

DELETE Operations

Always include a WHERE clause
Use soft deletes (status flags) for recoverable data
Consider CASCADE effects on related tables

Naming Conventions

Use snake_case for table and column names
Use singular nouns for table names (customer, not customers)
Prefix primary keys with table name: customer_id
Use descriptive names: order_total not ot
Prefix boolean columns appropriately: is_active, has_shipped

Documentation

Comment complex business logic within queries
Document stored procedures with purpose, parameters, and examples
Maintain a data dictionary for table and column descriptions
Version control database schema changes

Error Handling

Implement proper error handling in stored procedures
Log errors with sufficient context for debugging
Return meaningful error messages to calling applications
Use TRY-CATCH blocks where supported

Weekly Installs

Repository

mindrally/skills

GitHub Stars

First Seen

Jan 25, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

gemini-cli83

opencode82

codex78

cursor77

github-copilot75

claude-code74

GSAP时间轴动画教程：创建多步骤序列动画与关键帧控制

3,600 周安装

SQL最佳实践指南：提升查询性能、安全与可读性的完整教程

🇨🇳中文介绍

SQL 最佳实践

核心原则

查询编写标准

格式与风格

列选择

相关 Skills

过滤与条件

连接最佳实践

性能优化

索引指南

查询优化

聚合最佳实践

事务管理

安全最佳实践