tags:

views:

111

answers:

4
+2  Q: 

Lots of 'If statement', or a redundant mysql query?

Hey all,

$url = mysql_real_escape_string($_POST['url']);
$shoutcast_url = mysql_real_escape_string($_POST['shoutcast_url']);
$site_name = mysql_real_escape_string($_POST['site_name']);
$site_subtitle = mysql_real_escape_string($_POST['site_subtitle']);
$email_suffix = mysql_real_escape_string($_POST['email_suffix']);
$logo_name = mysql_real_escape_string($_POST['logo_name']);
$twitter_username = mysql_real_escape_string($_POST['twitter_username']);

with all those options in a form, they are pre-filled in (by the database), however users can choose to change them, which updates the original database. Would it be better for me to update all the columns despite the chance that some of the rows have not been updated, or just do an if ($original_db_entry = $possible_new_entry) on each (which would be a query in itself)?

Thanks

+6  A: 

I'd say it doesn't really matter either way - the size of the query you send to the server is hardly relevant here, and there is no "last updated" information for columns that would be updated unjustly, so...

By the way, what I like to do when working with such loads of data is create a temporary array.

$fields = array("url", "shoutcast_url", "site_name", "site_subtitle" , ....); 

foreach ($fields as $field)
 $$field = mysql_real_escape_string($_POST[$field]);

the only thing to be aware of here is that you have to be careful not to put variable names into $fields that would overwrite existing variables.

Update: Col. Shrapnel makes the correct and valid point that using variable variables is not a good practice. While I think it is perfectly acceptable to use variable variables within the scope of a function, it is indeed better not use them at all. The better way to sanitize all incoming fields and have them in a usable form would be:

$sanitized_data = array();
$fields = array("url", "shoutcast_url", "site_name", "site_subtitle" , ....); 

foreach ($fields as $field)
 $sanizited_data[$field] = mysql_real_escape_string($_POST[$field]);

this will leave you with an array you can work with:

$sanitized_data["url"] = ....
$sanitized_data["shoutcast_url"] = ....
Pekka  2010-06-23 11:10:59
That's a good idea; but what's with the two $'s?
Sam  2010-06-23 11:13:05
@Sam the `$$field` sets `$url`, `$shoutcast_url`, `$site_name`.... Whichever string in the array the current loop is running through. The code sets exactly the variables as your code block does, just with fewer lines.
Pekka  2010-06-23 11:14:00
+1 for "variable variable" suggestion
DrColossos  2010-06-23 11:23:13
One don't need actually variable variable here, because we need not a variable itself but an SQL query string.
Col. Shrapnel  2010-06-23 11:32:54
@Col that depends on what else he is doing with the data before inserting it. Also, it's a general demonstration of a technique to reduce the amount of lines needed for a certain code block. I don't really understand how that is downvote-worthy to you.
Pekka  2010-06-23 11:58:22
variable variable always deserves a downvote you know. do not mix code and data. do not use tricks interpreter allows you
Col. Shrapnel  2010-06-23 12:11:33
@Col okay, point taken. I updated my answer.
Pekka  2010-06-23 12:26:26
Thanks. cool edit :)
Col. Shrapnel  2010-06-23 12:28:56
+1  A: 

Just run a single query that updates all columns:

UPDATE table SET col1='a', col2='b', col3='c' WHERE id = '5'
Naktibalda  2010-06-23 11:11:37
A: 

Yes, it's ok to update every field.
A simple function to produce SET statement:

function dbSet($fields) {
  $set='';
  foreach ($fields as $field) {
    if (isset($_POST[$field])) {
      $set.="`$field`='".mysql_real_escape_string($_POST[$field])."', ";
    }
  }
  return substr($set, 0, -2); 
}

and usage:

$fields = explode(" ","name surname lastname address zip fax phone");
$query  = "UPDATE $table SET ".dbSet($fields)." WHERE id=$id";
Col. Shrapnel  2010-06-23 11:41:55
This will not work for check boxes. If you unset a check box, the change will be lost and the field unchanged.
Pekka  2010-06-23 12:02:56
@Pekka yeah, but you still don't need variable variables for checkboxes
Col. Shrapnel  2010-06-23 12:10:04
@Col what does that have to do with the issue at hand?
Pekka  2010-06-23 12:11:28
@Pekka you can do some preparations before calling this function. Assemble date value from separate parts, fill checkboxes values etc. and then use it to assemble a query. No variable other than superglobal ones are needed
Col. Shrapnel  2010-06-23 12:27:54
@Col where can I do those preparations? Writing into `$_POST`? Is that a good idea? I'm not sure. The function is fine, but it's not applicable if you have check boxes, is what I'm saying.
Pekka  2010-06-23 12:29:19
@Pekka $_POST or any other array, it doesn't matter. But array is a key word. Dealing with array is always better than with separate variables. You've made only first step with $fields array, but there is another - a resulting SQL query, which is our goal, not variables. That is what is what I'm saying. You're still one of the few cool guys here, peace :)
Col. Shrapnel  2010-06-23 12:43:40
@Col yeah, it's all right. However, if you want to build a proper generic query string builder, you'll need to add support for check boxes somehow IMO. Either by adding hidden "_type" fields into the form, and checking for those, or by having an array of check box fields. It's a big shortcoming of HTML IMO. Anyway, this is good stuff but goes beyond the scope of what the OP asked ... But maybe he can use it.
Pekka  2010-06-23 12:46:13
+1  A: 

I would recommend that you execute the UPDATE with all column values. It'd be less costly than trying to confirm that the value is different than what's currently in the database. And that confirmation would be irrelevant anyway, because the values in the database could change instantly after you check them if someone else updates them.

If you issue an UPDATE against MySQL and the values are identical to values already in the database, the UPDATE will be a no-op. That is, MySQL reports zero rows affected. MySQL knows not to do unnecessary work during an UPDATE.

If only one column changes, MySQL does need to do work. It only changes the columns that are different, but it still creates a new row version (assuming you're using InnoDB).

And of course there's some small amount of work necessary to actually send the UPDATE statement to the MySQL server so it can compare against the existing row. But typically this takes only hundredths of a millisecond on a modern server.

Bill Karwin  2010-06-23 11:44:02

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL