PHP programmers most likely to commit 11 MySQL errors

Source: Internet
Author: User
Tags sql injection attack web hosting sql server express
PHP Programmers most frequently commit 11 MySQL errors

For most Web applications, a database is a very basic part. If you're using PHP, you're probably also using the Mysql-lamp series as an important part.

For many beginners, using PHP can easily write code with specific features in just a few hours. However, building a stable and reliable database can take some time and related skills. Here are some of the 11 most serious mysql-related errors I've ever made (some are also reflected in the use of other languages/databases) ...

1. Use MyISAM instead of InnoDB MySQL has a lot of database engines, but the most likely thing you'll encounter is MyISAM and InnoDB. MySQL is using MyISAM by default. However, in many cases this is a bad choice unless you are creating a very simple or experimental database. FOREIGN KEY constraints or transactional processing are important for data integrity, but MyISAM does not support these. In addition, when a record is inserted or updated, the entire data table is locked, which results in very poor operational efficiency when the usage increases. The conclusion is simple: use InnoDB.

2. mysql function using PHP PHP provides MySQL library functions (or near as makes no difference) from the date of generation. Many applications still use functions like Mysql_connect, mysql_query, MYSQL_FETCH_ASSOC, and so on, although the PHP manual says: If you are using MySQL v4.1.3 or later, it is highly recommended that you use the mysqli extension.

Mysqli (MySQL's enhanced extension) has several advantages: an optional object-oriented interface prepared expression, which helps prevent SQL injection attacks, but also improves performance to support more expressions and transactions in addition, if you want to support multiple database systems, you can also consider PDO.

3, do not handle user input this or can say # #: Never trust the user's input. Verify each string with server-side PHP, and do not send hope to JavaScript. The simplest SQL injection attack takes advantage of the following code: $username = $_post["name"]; $password = $_post["password"]; $sql = "Select UserID from usertable WHERE username= ' $username ' and password= ' $password ';"; Run Query ...

Just enter "admin" in the username field and--", this will be black, the corresponding SQL statement is as follows: SELECT userid from usertable WHERE username= ' admin '; cunning hackers can log in with admin, They don't need to know the password because the password snippet is commented out.

4. No use of UTF-8 USA, UK and Australia we seldom consider languages other than English. We are proud to have finished our "masterpiece" and found that they do not work in other places. UTF-8 has solved many international problems. Although it is not well supported before PHP v6.0, it does not affect your MySQL character set to UTF-8.

5, relative to SQL, prefer PHP if you touch MySQL soon, then you will be inclined to use the language you have mastered to solve the problem, which will lead to write some redundant, inefficient code. For example, if you don't use the AVG () function that comes with MySQL, you will first sum the values in the recordset and then use the PHP loop to calculate the average. Also, be aware of SQL queries in the PHP loop. In general, executing a query is more efficient than iterating over the results. Therefore, when analyzing the data, please take advantage of the database system, understand some of the knowledge of SQL will be beneficial.

6, no optimization database query 99% PHP performance problems are caused by the database, just a bad SQL query can make your Web application completely paralyzed. MySQL's explain statement, Query Profiler, and many other tools will help you find these evil select.

7. Data types cannot be used correctly MySQL provides data types such as numeric, string, and date. If you want to store a time, use the date or datetime type. If this is the case with an integer or string type, then the SQL query will be very complex, if you can use an integer or string to define that type. Many people tend to arbitrarily customize some data formats, such as using string to store serialized PHP objects. This may make it easier to manage the database, but it makes MySQL a bad data store and is likely to cause a malfunction later.

8. Use in queries * never use * to return data for all columns of a data table. This is laziness: you should extract the data you need. Even if you need all the fields, your data table will inevitably change.

9. Do not use indexes or overuse indexes The general principle is this: the fields represented by any of the WHERE clauses in the SELECT statement should use the index. For example, suppose we have a user table that includes the numeric ID (primary key) and the email address. When logging in, MySQL must find the correct ID based on an email. If you use an index (in this case, email), MySQL will be able to use a faster search algorithm to locate email, or even instant implementations. Otherwise, MySQL will only be able to check each record sequentially until it finds the correct email address. Some people add indexes on each field, but unfortunately, these indexes need to be regenerated after the insert or update is executed, which can affect performance. So, just add the index when you need it.

10, forget to back up! Although rare, the database still has a risk of crashing. The hard disk may be damaged, the server may crash, and the web hosting provider may go bankrupt! Losing MySQL data will be disastrous, so make sure you have used automatic backups or have replicated them in place.

11, Bonus mistake-do not consider the use of other databases for PHP developers, MySQL may be the most widely used database system, but not the only choice. PostgreSQL and Firebird are the strongest contenders: Both are open source and not bought by the company. Microsoft provides SQL Server Express, Oracle offers 10g Express, both of which are free versions of enterprise databases. Sometimes, for a smaller web application or embedded application, SQLite is a viable alternative.

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.