<7b******************************@giganews.com>:
>"SELECT *" is a bad habit. Since he wants those two fields only, it
For your case you will want something like
$sql = "SELECT * FROM tablename
WHERE FSR=" . $FSR .
" AND Password='" . $Password . '";
should be "SELECT FSR, Password FROM tablename WHERE FSR = $FSR AND
Password = '$Password'". Note that I'm assuming that FSR is a numeric
field here. If not, it should also be surrounded by single quotation
marks.
Reasons:
1. "SELECT *" returns all columns from the table, whether you need
them or not. Right now the table may contain only those two columns,
but that can change in the future. Why retrieve more data than you
need?
2. If the table is changed so that one of those two columns is
renamed, replaced or deleted, "SELECT *" won't fail until you try to
access the column in question, whereas "SELECT FSR, Password" will
fail on the mysql_query call, giving you a much better idea of where
the problem is.
One can argue that it doesn't matter much in this particular case, but
keep in mind that we're talking about habits here, which are only
effective when used consistently. You're also giving advice to
someone who seems to know little or nothing about relational
databases, so they don't know what the impact of "SELECT *" is and
won't automatically correct for it when writing their own code the way
an experienced programmer would.
Here are a few articles on good SQL practices that agree with me:
<http://www.sql-server-performance.com/articles/dev/sql_best_practices_p1.aspx>
<http://sheeri.com/archives/104>
<http://mapiles.com/2008/01/18/11-best-practices-in-making-sql-queries/>
<http://www.extremeexperts.com/sql/articles/BestPractices.aspx>
<http://www.sommarskog.se/dynamic_sql.html#Dyn_table(something of a
side note)
--
Charles Calvert | Web-site Design/Development
Celtic Wolf, Inc. | Software Design/Development
http://www.celticwolf.com/ | Data Conversion
(703) 580-0210 | Project Management
