Most efficient way to run query
Question
Since PHP5 and with the delete of mysql_query (RIP.) I'm quite confused on what the most effecient way to run a query. Since there are multiple ways.
The options that I know of are these:
Option 1:
$getInfo = "SELECT * FROM app2 WHERE id='". $appID ."' ";
$oStmt = $dbportal->prepare($getInfo);
$oStmt = $dbportal->execute();
I believe this is PDO.
Option 2:
$createQuery="INSERT INTO usr2 SET login='". $user ."', role='". $role ."'";
$dbportal->query($createQuery);
kinda PDOish?
Would someone be so kinda to push me in the right direction? A link is fine too, couldn't find anything
OfficialBAMM. \\o/
1 answers
solution1
2 ACCPTED 2015-02-20 09:01:55
To prevent SQL injection, you should use prepared statements with placeholders:
$getInfo = "SELECT * FROM app2 WHERE id = :id";
$oStmt = $dbportal->prepare($getInfo);
$oStmt->execute(array(':id' => $appID));
Efficiency should not be a concern until you get the code correct. Premature optimization is the root of all evil. And the slow part of performing a database query is accessing the data, not the way you call it.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.