Search script code efficiency

Submitted by: @import:stackexchange-codereview

Problem

Is there a more efficient way to write this? This script will be used heavily and I want to make sure I do not have any memory leaks or speed issues.

This script gets an input from a form and searches the database for that record.

 0) {
    $row = mysql_fetch_assoc($result);

if ($row['exp'] 

Solution

Efficiency

Nothing to worry about. It's only a linear script, there are no loops anywhere. You don't need to worry about efficiency.

Security and best-practices horrible practices

I should really have you write down this sentence 100 times on a piece of paper:

DO NOT USE THE MYSQL_* FUNCTIONS, THEY ARE DEPRECATED

DO NOT USE THE MYSQL_* FUNCTIONS, THEY ARE DEPRECATED

DO NOT USE THE MYSQL_* FUNCTIONS, THEY ARE DEPRECATED

DO NOT USE THE MYSQL_* FUNCTIONS, THEY ARE DEPRECATED

(...)

Although your SQL is technically safe, I think you can write down this sentence 2 times, and read up on what it is about:

GIVE ME PARAMETRIZED SQL OR GIVE ME DEATH

GIVE ME PARAMETRIZED SQL OR GIVE ME DEATH

There are other positive things with prepared queries / parametrized SQL than just security issues. I strongly recommend switching to prepared queries and not looking back. It's easy to miss using the mysql_real_escape_string function (and in my opinion it has an overly long function name). Switching to prepared queries helps with all these things, plus a couple of others.

There is also the fact that the mysql_ methods will be entirely removed in future versions of PHP. You are not the only one still using mysql_ methods unfortunately, and it is not the first time I'm saying this.

Start converting your code to use mysqli or PDO NOW. Nothing Else Matters! (Feel free to listen to that song while you convert your code).

Context

StackExchange Code Review Q#51930, answer score: 9
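
The switch to prepared queries recommended in the answer, as an added example that is not part of the original question or answer. The `records` table, its `code` and `name` columns, the sample rows and the in-memory SQLite DSN are assumptions made so the script runs without a database server.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: the page does not show the real table, so "records" and
// the "code"/"name" columns are assumptions; "exp" is the column the question reads.
function openDemoDb(): PDO
{
    // In-memory SQLite keeps the demo offline. For MySQL, use a
    // 'mysql:host=...;dbname=...;charset=utf8mb4' DSN and add
    // PDO::ATTR_EMULATE_PREPARES => false to the options.
    $pdo = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
    $pdo->exec('CREATE TABLE records (code TEXT PRIMARY KEY, name TEXT, exp TEXT)');
    $insert = $pdo->prepare('INSERT INTO records (code, name, exp) VALUES (?, ?, ?)');
    // Constructed sample rows; the apostrophe needs no escaping when bound.
    foreach ([['A100', 'Alice', '2030-01-01'], ['B200', "O'Brien", '2020-01-01']] as $r) {
        $insert->execute($r);
    }
    return $pdo;
}

// The SQL text is fixed; the form value travels separately as a bound parameter.
function findRecord(PDO $pdo, string $code): ?array
{
    $stmt = $pdo->prepare('SELECT code, name, exp FROM records WHERE code = :code');
    $stmt->execute([':code' => $code]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

$pdo = openDemoDb();
// Constructed inputs standing in for the form field, including a quote-laden one.
foreach (['A100', 'B200', "A100' OR '1'='1", 'missing'] as $input) {
    $row = findRecord($pdo, $input);
    echo str_pad($input, 18), ' => ',
        $row === null ? 'no match' : "{$row['name']} (exp {$row['exp']})", PHP_EOL;
}
```

The quote-laden input is compared as a literal string and matches no row, with no call to an escaping function anywhere in the script.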