
MySQL prepare statement performance bottleneck

Hi,

When doing MySQL queries (SELECT statements) in PHP, we often use prepared
statements to prevent SQL injection. However, I just noticed that
prepared statements can SLOW the number of queries per second by a
factor of 2 (max).

So is there any faster method that can prevent SQL injection but has
better performance?

Thanks.

Jun 30 '06 #1

If it is MySQL < 4.1, then you are using emulated prepared statements,
which may be causing the slowdown. It wouldn't surprise me if PEAR was
doing some funny regex's to parse the queries, escape the values, etc.

If you're using a database abstraction library, maybe try switching the
abstraction library (See PDO and Adodb, among others), it might speed
things up.

It should also be noted that using prepare/execute requires 2 trips to
the server
(http://dev.mysql.com/tech-resources/...atements.html),
since it has to send it to be parsed, then send it to be executed.
This would account for the exact factor of 2.

ho******@gmail.com wrote:
> Hi,
>
> When doing MySQL queries (SELECT statements) in PHP, we often use prepared
> statements to prevent SQL injection. However, I just noticed that
> prepared statements can SLOW the number of queries per second by a
> factor of 2 (max).
>
> So is there any faster method that can prevent SQL injection but has
> better performance?
>
> Thanks.


Jun 30 '06 #2

Richard Levasseur wrote:
> If it is MySQL < 4.1, then you are using emulated prepared statements,
> which may be causing the slowdown. It wouldn't surprise me if PEAR was
> doing some funny regex's to parse the queries, escape the values, etc.
>
> If you're using a database abstraction library, maybe try switching the
> abstraction library (See PDO and Adodb, among others), it might speed
> things up.
>
> It should also be noted that using prepare/execute requires 2 trips to
> the server
> (http://dev.mysql.com/tech-resources/...atements.html),
> since it has to send it to be parsed, then send it to be executed.
> This would account for the exact factor of 2.
>
> ho******@gmail.com wrote:
> > Hi,
> >
> > When doing MySQL queries (SELECT statements) in PHP, we often use prepared
> > statements to prevent SQL injection. However, I just noticed that
> > prepared statements can SLOW the number of queries per second by a
> > factor of 2 (max).
> >
> > So is there any faster method that can prevent SQL injection but has
> > better performance?
> >
> > Thanks.

Thanks...

So does that mean that, in order to prevent SQL injection, we need this
kind of overhead?

Jul 1 '06 #3

ho******@gmail.com wrote:
> Richard Levasseur wrote:
> > If it is MySQL < 4.1, then you are using emulated prepared statements,
> > which may be causing the slowdown. It wouldn't surprise me if PEAR was
> > doing some funny regex's to parse the queries, escape the values, etc.
> >
> > If you're using a database abstraction library, maybe try switching the
> > abstraction library (See PDO and Adodb, among others), it might speed
> > things up.
> >
> > It should also be noted that using prepare/execute requires 2 trips to
> > the server
> > (http://dev.mysql.com/tech-resources/...atements.html),
> > since it has to send it to be parsed, then send it to be executed.
> > This would account for the exact factor of 2.
> >
> > ho******@gmail.com wrote:
> > > Hi,
> > >
> > > When doing MySQL queries (SELECT statements) in PHP, we often use prepared
> > > statements to prevent SQL injection. However, I just noticed that
> > > prepared statements can SLOW the number of queries per second by a
> > > factor of 2 (max).
> > >
> > > So is there any faster method that can prevent SQL injection but has
> > > better performance?
> > >
> > > Thanks.
>
> Thanks...
>
> So does that mean that, in order to prevent SQL injection, we need this
> kind of overhead?

You could manually escape the values before you query; it's just a lot
more work to $databaseHandle->escape($value) for every user-submitted
value. This would most likely solve the performance problem.

Jul 1 '06 #4
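
Added example (not part of the thread and not code from any poster): a PDO timing harness for the prepare/execute round-trip cost discussed above, comparing server-side and emulated prepares, and preparing inside the loop versus once. The DSN, credentials, and the temporary `users` table are assumptions; it needs a reachable MySQL server and an account allowed to create temporary tables.

```php
<?php
// Added example, not code from the thread. The DSN, credentials and the
// temporary `users` table with its rows are constructed assumptions.
const DSN = 'mysql:host=127.0.0.1;dbname=test;charset=utf8mb4';

function connect(bool $emulate): PDO {
    $db = new PDO(DSN, 'app_user', 'app_password', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        // true:  PDO escapes and quotes bound values client-side and sends
        //        one complete query per execute().
        // false: the statement is prepared on the server, then executed.
        PDO::ATTR_EMULATE_PREPARES => $emulate,
    ]);
    $db->exec('CREATE TEMPORARY TABLE users (id INT PRIMARY KEY, name VARCHAR(32))');
    $db->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");
    return $db;
}

// Pattern A: prepare inside the loop, so every lookup pays for a prepare.
function prepareEveryTime(PDO $db, array $ids): float {
    $start = microtime(true);
    foreach ($ids as $id) {
        $st = $db->prepare('SELECT name FROM users WHERE id = ?');
        $st->execute([$id]);
        $st->fetchAll();
    }
    return microtime(true) - $start;
}

// Pattern B: prepare once, then only execute inside the loop.
function prepareOnce(PDO $db, array $ids): float {
    $start = microtime(true);
    $st = $db->prepare('SELECT name FROM users WHERE id = ?');
    foreach ($ids as $id) {
        $st->execute([$id]);
        $st->fetchAll();
    }
    return microtime(true) - $start;
}

$ids = range(1, 5000);
foreach ([false, true] as $emulate) {
    $db = connect($emulate);
    printf("emulate=%-3s every-time=%.3fs once=%.3fs\n",
        $emulate ? 'on' : 'off', prepareEveryTime($db, $ids), prepareOnce($db, $ids));
}
```

In every combination the value is bound as a parameter rather than concatenated into the SQL text. With emulation on, keep `charset` in the DSN so the client-side escaping uses the connection's character set.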
