1. Home
  2. Forums Index
  3. Server Side / Databases 5:33 am May 21, 2026

Forum Moderators: open

Message Too Old, No Replies

Stable Query?

Where or

         

petulantpoetess

9:59 pm on Sep 27, 2006 (gmt 0)

10+ Year Member



I am a self-taught php / mysql coder. Recently, I came across a dilemma where I needed to make a specific query. I had no idea how to do it, and none of the help texts seemed to address it. So I decided to treat it as a mathematical equation, and it worked. Now I am wondering if it is a stable query, or if perhaps it might be putting undue stress on the database and or dbuser, which the members use to access the database.

Here is the query. Would this have any adverse effects?

$result2 = mysql_query("SELECT * FROM ".$tableprefix."dbname_categories WHERE (catid = '$catid' OR optcatid = '$catid') AND parentcatid = '$parentcatid' ORDER BY displayorder ASC");

It is the (catid = '$catid' OR optcatid = '$catid') that I'm concerned about, of course.

carguy84

8:53 am on Sep 28, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



well, I'm 99% sure it's susceptible to sql injection unless you're doing some data cleansing on the value of $catid. That aside, if you're dealing with integers here:
(catid = '$catid' OR optcatid = '$catid')
you can drop the ' '
(catid = $catid OR optcatid = $catid) AND parentcatid = $parentcatid

performance wise, it's about as good as you can get it. If you don't need all the columns returned, you can swap out the "Select *" for "Select column1, column2....". Not sure how much of a performance gain that will get you if the table and rows are small.

Chip-

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Databases 5:33 am May 21, 2026