Search script code efficiency
Problem
Is there a more efficient way to write this? This script will be used heavily and I want to make sure I do not have any memory leaks or speed issues.
This script gets an input from a form and searches the database for that record.
0) {
$row = mysql_fetch_assoc($result);
if ($row['exp']
Solution
Efficiency
Nothing to worry about. It's only a linear script, there are no loops anywhere. You don't need to worry about efficiency.
Security and best-practices horrible practices
I should really have you write down this sentence 100 times on a piece of paper:
DO NOT USE THE MYSQL_* FUNCTIONS, THEY ARE DEPRECATED
DO NOT USE THE MYSQL_* FUNCTIONS, THEY ARE DEPRECATED
DO NOT USE THE MYSQL_* FUNCTIONS, THEY ARE DEPRECATED
DO NOT USE THE MYSQL_* FUNCTIONS, THEY ARE DEPRECATED
(...)
Although your SQL is technically safe, I think you can write down this sentence 2 times, and read up on what it is about:
GIVE ME PARAMETRIZED SQL OR GIVE ME DEATH
GIVE ME PARAMETRIZED SQL OR GIVE ME DEATH
There are other positive things with prepared queries / parametrized SQL than just security issues. I strongly recommend switching to prepared queries and not looking back. It's easy to miss using the mysql_real_escape_string function (and in my opinion it has an overly long function name). Switching to prepared queries helps with all these things, plus a couple of others.
There is also the fact that the mysql_ methods will be entirely removed in future versions of PHP. You are not the only one still using mysql_ methods unfortunately, and it is not the first time I'm saying this.
Start converting your code to use mysqli or PDO NOW. Nothing Else Matters! (Feel free to listen to that song while you convert your code).
Context
StackExchange Code Review Q#51930, answer score: 9
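What the conversion recommended in the answer can look like with PDO, as an added example that is not part of the original question or answer. Only the `exp` column comes from the page; the `records` table, the `code` column, the function names, treating `exp` as an expiry date, and the in-memory SQLite database (used so the script runs offline) are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: the page only shows an `exp` column. The table name,
// the `code` column and reading `exp` as an expiry date are assumptions.
function openDatabase(): PDO
{
    // In-memory SQLite keeps the example runnable offline. For MySQL, use a DSN
    // such as 'mysql:host=localhost;dbname=app;charset=utf8mb4' plus credentials.
    $pdo = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
    $pdo->exec('CREATE TABLE records (code TEXT PRIMARY KEY, exp TEXT NOT NULL)');
    // Constructed sample rows: one far in the future, one long expired.
    $pdo->exec("INSERT INTO records VALUES ('A100', '2999-01-01'), ('B200', '2001-01-01')");
    return $pdo;
}

// Returns 'valid', 'expired' or 'not found' for a value taken from the form.
function findRecord(PDO $pdo, string $input): string
{
    // The input is bound as data and never becomes part of the SQL text,
    // so there is no escaping call that can be forgotten.
    $stmt = $pdo->prepare('SELECT exp FROM records WHERE code = :code');
    $stmt->execute([':code' => trim($input)]);

    $row = $stmt->fetch(); // false when no row matched
    if ($row === false) {
        return 'not found';
    }

    // ISO dates (Y-m-d) compare correctly as strings.
    return $row['exp'] < date('Y-m-d') ? 'expired' : 'valid';
}

$pdo = openDatabase();
// Constructed inputs; the last one is shaped like an injection attempt and
// is simply treated as a code that does not exist.
foreach (['A100', 'B200', "x' OR '1'='1"] as $input) {
    printf("%-15s => %s\n", $input, findRecord($pdo, $input));
}
```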