This question already has answers here:
PDO support for multiple queries (PDO_MYSQL, PDO_MYSQLND)
(7 answers)
Closed 8 years ago.
My select statement looks somewhat like this :
CREATE TEMPORARY TABLE t1 AS(
SELECT id, COUNT(*) AS count
FROM some_other_table
GROUP BY id);
ALTER TABLE t1 ADD UNIQUE INDEX (id);
SELECT * FROM t2 INNER JOIN t1 ON t1.id = t2.id
I'm using the following PHP code :
$pdo->query($sql)->fetchAll();
But I get an error since PDO does not allow multiple statements' execution in one query.
From what I've read so far, I should use exec(). But then exec() does not return results for select statement. I do not need the parametrization for this specific query so any unsafe method will work too, since the query itself is perfectly safe from any outside alteration.
Right now what I'm doing is executing the sql code as 3 different statements. but I believe that's slower than executing it in one go and would like to find a better method to do this.
Like many other inexperienced developers, you are looking wrong way trying to optimize your code.
While it doesn't really matter how many calls did you to database, the very idea of creating temporary table IS what makes your code inefficient. And you have to get rid of this really slow part instead of trying to optimize it for 0.00001%
Related
This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 4 years ago.
Edit:The problem's been solved.I used PDO's prepared statement to use where by using ? in place of the variable and then later binding it with the variable string.
I have used the below mentioned sql query to join two tables and display there data.Here it is
SELECT docinfo.fnamedoc,docinfo.lnamedoc,docinfo.department,
prescriptions.prescription FROM docinfo INNER JOIN prescriptions
ON docinfo.unamedoc=prescriptions.unamed
When i use an additional WHERE alongside this statement than i am it works with an SQL DB software "DB browser for SQLite" when i run the sql code on it but it isnt working with php.Nothing gets displayed when i use where but the code in php works when i dont use where.
The code with WHERE is as follows:
SELECT docinfo.fnamedoc,docinfo.lnamedoc,docinfo.department,
prescriptions.prescription FROM docinfo INNER JOIN prescriptions
ON docinfo.unamedoc=prescriptions.unamed WHERE prescriptions.unamep=$uname`
The picture of query running successfully in "DB browser for sqlite" and displaying one row is as follows
SQL Query in DB Browser for SQLITE
The problem's been solved.I used PDO's prepared statement to use where by using ? in place of the variable and then later binding it with the variable string using $db->Bindparam(1,$uname).I still dont know what was causing it but now its solved.
This question already has an answer here:
Performance/efficiency of 2 SELECT statements vs UNION vs anything else in MySQL-PHP
(1 answer)
Closed 8 years ago.
I have to run a query which retrieves records from two databases. The query is the same for both databases and I use the UNION relationship to just made one query.
The following example will describe what I actually want to do
SELECT col1 FROM db1.table1 UNION SELECT col1 FROM db2.table1 ;
I am using php to execute the above query so I need to know which is better for performance run the above query once or make two queries and merge the results by php
SELECT col1 FROM db1.table1
SELECT col1 FROM db2.table1
please note that I am using a complicated mysql queries which uses regex and sometimes i use subqueries.
Thanks
The only way to be sure is to benchmark it, which I haven't. The following is my best guess about the differences, assuming that:
In both cases there is some post processing in PHP (e.g. printing a result to a browser),
You will always run both queries together (either both are in query cache or none).
If you run them separately you implement the duplicate row removal in PHP.
If there are no duplicate rows:
The union should be faster by a constant amount of time (e.g. 30ms), because of the overhead of running 2 queries instead of one.
If there are duplicate rows:
The union will save you some traffic and PHP processing and might get noticeably faster (if there are a lot of duplicates).
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
MySQL Injection - Use SELECT query to UPDATE/DELETE
So I have found in my site bug that allows to perform sql injection
http://mysite.com/script.php?id=1 union select 1,2,3 will output all fields that has Id property equal to one plus one additional row with 1,2,3. I know that I have to validate user input to close my bug.
However my question is quite another. Is it possible to perform update query or insert query? I am able to comment query using --, however I cannot use multiple statements that are delimited by ;. So is it possible to perform update query in my case. I can show PHP code and SQL query if needed.
$sql = "SELECT id, title, text from table where cId=$val";
$result = mysql_query($sql);
$array = mysql_fetch_array($result);
//echo rows in table
Judging from MySQL Injection - Use SELECT query to UPDATE/DELETE
all that is protecting you is a limitation of mysql_query. I would not rely on this, and in particular not that it remains this way over time. You should never rely on a feature to be disabled by default. Maybe the next version already allows statements such as.
SELECT id, title, text from table where cId=1; DROP table table
Nope it is not possible. Most probably you ar running mysql_query, that would not allow multiple queries to be run in one pass. And hence if your query starts with SELECT (as it does), it would not allow any UPDATE injection
Edit: Use mysql_real_escape_string on your input even then
By default this should not be possible. Although there are options for mysql_query to run multiple statements in one string since MySQL 5.0 which you have to set with mysql_set_server_option.
Please consider changing your statement command like this to use mysql_real_escape_string:
$q = mysql_fetch_array(mysql_query("SELECT id, title, text from table where cId = " . mysql_real_escape_string($val)));
At the very best you change your code to use PDO since all mysql_* functions are officially deprecated.
I was recently trying to do a project*, which caused me to ask this question. Although since then I've found an alternative solution, I am still curious if what I envisioned doing is, in any way, possible.
Essentially, I am wondering if there is anyway to perform a MySQL query on a MySQL query result in php. For example:
$result = mysql_query("SELECT * FROM foo WHERE bar=".$barValue);
AND THEN, be able to perform multiple queries on $result:
$newResult = mysql_query("SELECT * FROM $result WHERE otherBar=".$barValue);
OR
$otherNewResult = mysql_query("SELECT * FROM $result WHERE otherOtherBar=".$barValue." ORDER BY foobar ASC");
AND so on and so forth...
I realize that I could append the original query with my new WHERE statements and ORDER BYs, but that causes my to query the database unnecessarily and it prevents me from writing more objected oriented code (because I can't pass around a result to be queried, but rather have to requery the database in every function...)
Any advice, pieces of code, frameworks, or ramblings appreciated.
*BTW, my project was having to query a large database of people for people born in certain age groups and then query those age groups for different demographics.
Edit
No, writing a custom function to query the database is not worth the object-orientation (and modifiability) it would give me
You could do a nested query in the same SQL query and keep PHP out of it:
'SELECT * FROM (SELECT * FROM foo WHERE bar="something") AS q1 WHERE q1.bar2 = "something else"'
The question has already been answered. However following explanation will help someone who might be interested in knowing the details of it.
What are Nested query / subquery:
Subqueries are also known as nested queries. A subquery is a SELECT statement within another statement. MySQL supports all SQL standards and additionally provides MySQL specific features.
Why should I use Subquery:
Subquery is structured and it is possible to isolate each parts of statement
Subquery is more readable that complex joins and unions
Subquery provides alternative means to perform action which otherwise would require complex joins and unions
What Subquery returns:
A subquery can return a single value, a single row, a single column, or a table. These are called scalar, column, row, and table subqueries.
Reference: http://dev.mysql.com/doc/refman/5.7/en/subqueries.html
http://www.w3resource.com/sql/subqueries/nested-subqueries.php
If I have 2 mysql_query commands in a single php file, is their a way to combine them?
For example, I have:
$a=mysql_query(SELECT * FROM table1);
$b=mysql_query(SELECT id FROM table3);
but I want to combine them into a single mysql_query, would this be more efficient? would it be faster?
multiple queries are not supported in mysql_query as descripted on php manual, so you can't combine both query in php mysql_query way
Here is another good reference from php manual notes:
Executed with multiple queries at
once, the mysql_query function will
return a result only for the first
query. The other queries will be
executed as well, but you won't have a
result for them.
UNION should work (MySQL Manual)
SELECT id FROM table1 UNION SELECT id FROM table3;
Edit:
I see: You want all ("*") from table1. This is a little bit more difficult, but UNION may help also. However, you are really sure you want to do this? Is there any relationship beetween those two tables, or should this just be a kind of micro optimization?