By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,216 Members | 1,001 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,216 IT Pros & Developers. It's quick & easy.

Re: MySQL Database problem (probably already solved in a message, but this is somewhat urgent)

P: n/a
On Sun, 12 Oct 2008 15:01:10 -0400, sheldonlg <sheldonlgwrote in
<7b******************************@giganews.com>:
>
For your case you will want something like

$sql = "SELECT * FROM tablename
WHERE FSR=" . $FSR .
" AND Password='" . $Password . '";
"SELECT *" is a bad habit. Since he wants those two fields only, it
should be "SELECT FSR, Password FROM tablename WHERE FSR = $FSR AND
Password = '$Password'". Note that I'm assuming that FSR is a numeric
field here. If not, it should also be surrounded by single quotation
marks.

Reasons:

1. "SELECT *" returns all columns from the table, whether you need
them or not. Right now the table may contain only those two columns,
but that can change in the future. Why retrieve more data than you
need?

2. If the table is changed so that one of those two columns is
renamed, replaced or deleted, "SELECT *" won't fail until you try to
access the column in question, whereas "SELECT FSR, Password" will
fail on the mysql_query call, giving you a much better idea of where
the problem is.

One can argue that it doesn't matter much in this particular case, but
keep in mind that we're talking about habits here, which are only
effective when used consistently. You're also giving advice to
someone who seems to know little or nothing about relational
databases, so they don't know what the impact of "SELECT *" is and
won't automatically correct for it when writing their own code the way
an experienced programmer would.

Here are a few articles on good SQL practices that agree with me:

<http://www.sql-server-performance.com/articles/dev/sql_best_practices_p1.aspx>
<http://sheeri.com/archives/104>
<http://mapiles.com/2008/01/18/11-best-practices-in-making-sql-queries/>
<http://www.extremeexperts.com/sql/articles/BestPractices.aspx>
<http://www.sommarskog.se/dynamic_sql.html#Dyn_table(something of a
side note)
--
Charles Calvert | Web-site Design/Development
Celtic Wolf, Inc. | Software Design/Development
http://www.celticwolf.com/ | Data Conversion
(703) 580-0210 | Project Management
Oct 13 '08 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.