On Thu, Sep 15, 2011 at 00:56, Alex Nikitin wrote:
>
> MySQL real escape string doesn't work, it's a bad solution to the
> problem that has been with the internets since the very beginning, and
> if people program like they are taught to by books, doesn't look like
> it's going away any time soon
MySQL real escape string doesn't work, it's a bad solution to the
problem that has been with the internets since the very beginning, and
if people program like they are taught to by books, doesn't look like
it's going away any time soon. The problem of course is that various
programming languages
On Wed, Sep 14, 2011 at 21:01, Alex Nikitin wrote:
> You can use a limit with a nested select, you just can't use it in
> some cases, like inside an "IN" statement, but something like this
> should work:
>
> SELECT id, data, etc FROM table JOIN (SELECT special_id as id FROM
> special_table ORDER B
On Wed, Sep 14, 2011 at 16:02, Eric Butera wrote:
> Just out of curiosity, where are these ids coming from? Doing a raw
> implode on them like that is a sql injection vuln.
>
They are in an array. I do of course is_int() them first, plus some
other sanitation including mysql_real_escape_string()
You can use a limit with a nested select, you just can't use it in
some cases, like inside an "IN" statement, but something like this
should work:
SELECT id, data, etc FROM table JOIN (SELECT special_id as id FROM
special_table ORDER BY special_id LIMIT 0, 1000) AS table2 USING (id)
Note: syntax
On Wed, Sep 14, 2011 at 4:12 AM, Dotan Cohen wrote:
> On Wed, Sep 14, 2011 at 06:05, chetan rane wrote:
>> Hi,
>>
>> There are 2 peoblems with subselect
>>
>> 1. You cant use a limit on the nested select
>> 2. Id the number of elements in the in clause exceeds the subselect buffer
>> you will run
On Wed, Sep 14, 2011 at 06:05, chetan rane wrote:
> Hi,
>
> There are 2 peoblems with subselect
>
> 1. You cant use a limit on the nested select
> 2. Id the number of elements in the in clause exceeds the subselect buffer
> you will run into performance issues ans eventually you query will be
> do
On Tue, Sep 13, 2011 at 23:04, Alex Nikitin wrote:
> Dotan,
>
> IN (the function used in all of the queries above) is not the same as an
> INNER_JOIN, inner join joins 2 tables, as you have already described, IN
> however is a function that return 1 if the value being searched for is in
> the arra
Hi,
There are 2 peoblems with subselect
1. You cant use a limit on the nested select
2. Id the number of elements in the in clause exceeds the subselect buffer
you will run into performance issues ans eventually you query will be
doomed. Inner joins in,this is the best option for this . You can u
On Tue, Sep 13, 2011 at 3:45 PM, Dotan Cohen wrote:
> On Tue, Sep 13, 2011 at 21:34, Alex Nikitin wrote:
> > And this will be faster or at least more efficient with a limit (e.g.
> limit
> > 50) this way when you have found the 50 users in the "in" statement, you
> > don't continue iterating thr
On Tue, Sep 13, 2011 at 21:34, Alex Nikitin wrote:
> And this will be faster or at least more efficient with a limit (e.g. limit
> 50) this way when you have found the 50 users in the "in" statement, you
> don't continue iterating through the rest of your data set...
>
The number is never exactly
On Tue, Sep 13, 2011 at 21:06, Steve Staples wrote:
> I mentioned that implode earlier, but there is also the underlying
> question (which I also asked earlier)... how is he getting the 50 id's
> to populate?
>
> here are 2 other ways of skinning the cat:
>
> using an inner join:
> select table.*
On Tue, Sep 13, 2011 at 17:34, Steve Staples wrote:
> what criteria are you using to get the "stats" for these 50 users?
>
They are passed as an array into a function I'm cleaning up.
> also, wouldn't this be much better suited for the mysql mailing list?
>
Yes.
> if you know all the userids
On Tue, Sep 13, 2011 at 17:32, muad shibani wrote:
> Yes there is but all the IDs in one string like this
> $ids = $id1.', '.$id2.', ' ;
> note : remove the last comma from the string
> the make the query like this:
> mysql_query("SELECT * FROM table WHERE
> userID= in($ids ) }
Thank you Muad!
On Tue, Sep 13, 2011 at 17:29, Ashley Sheridan
wrote:
> SELECT * FROM table WHERE userID IN (1,2,3,4,5,etc)
>
> Much smaller than what you proposed in #3, and easier to make if your user is
> list is already an array.
>
Thank you Ash, that is exactly what I was looking for!
--
Dotan Cohen
ht
On Tue, Sep 13, 2011 at 2:06 PM, Steve Staples wrote:
> On Tue, 2011-09-13 at 09:48 -0700, David Harkness wrote:
> > On Tue, Sep 13, 2011 at 7:29 AM, Ashley Sheridan
> > wrote:
> >
> > > SELECT * FROM table WHERE userID IN (1,2,3,4,5,etc)
> > >
> >
> > +1. And this is a great place to use implode
Another theoretical approach, given the grey areas, would be to add a
field to your table to indicate these "special" users. I would call
the field "is_awesome" and have it default to zero, because that's
just the way it is. Then you can make your query "SELECT * FROM users
WHERE is_awesome=1".
On Tue, 2011-09-13 at 09:48 -0700, David Harkness wrote:
> On Tue, Sep 13, 2011 at 7:29 AM, Ashley Sheridan
> wrote:
>
> > SELECT * FROM table WHERE userID IN (1,2,3,4,5,etc)
> >
>
> +1. And this is a great place to use implode():
>
> $sql = 'select ... where userID in (' . implode(',', $ids
On Tue, Sep 13, 2011 at 7:29 AM, Ashley Sheridan
wrote:
> SELECT * FROM table WHERE userID IN (1,2,3,4,5,etc)
>
+1. And this is a great place to use implode():
$sql = 'select ... where userID in (' . implode(',', $ids) . ')';
David
Tue, 13 Sep 2011 15:29:26 +0100
>>> To: dotanco...@gmail.com; php-general@lists.php.net
>>> Subject: Re: [PHP] Querying a database for 50 users' information: 50
>>queries or a WHERE array?
>>>
>>>
>>>
>>> Dotan Cohen wrote:
>>
yeer tai wrote:
>
>
>select * from table where userID in(1,2,3,etc)
>
>
>
>> From: a...@ashleysheridan.co.uk
>> Date: Tue, 13 Sep 2011 15:29:26 +0100
>> To: dotanco...@gmail.com; php-general@lists.php.net
>> Subject: Re: [PHP] Querying a database f
select * from table where userID in(1,2,3,etc)
> From: a...@ashleysheridan.co.uk
> Date: Tue, 13 Sep 2011 15:29:26 +0100
> To: dotanco...@gmail.com; php-general@lists.php.net
> Subject: Re: [PHP] Querying a database for 50 users' information: 50 queries
> or a WHERE arr
On Tue, 2011-09-13 at 17:24 +0300, Dotan Cohen wrote:
> I have a MySQL database table with about 10,000 rows. If I want to
> query for 50 specific users (so no LIMIT ORDER BY) then I seem to have
> these choices:
>
> 1) SELECT * FROM table
> This will pull in all 10,000 rows, not nice!
>
> 2) for
Yes there is but all the IDs in one string like this
$ids = $id1.', '.$id2.', ' ;
note : remove the last comma from the string
the make the query like this:
mysql_query("SELECT * FROM table WHERE
userID= in($ids ) }
On Tue, Sep 13, 2011 at 7:24 AM, Dotan Cohen wrote:
> I have a MySQL database t
Dotan Cohen wrote:
>I have a MySQL database table with about 10,000 rows. If I want to
>query for 50 specific users (so no LIMIT ORDER BY) then I seem to have
>these choices:
>
>1) SELECT * FROM table
>This will pull in all 10,000 rows, not nice!
>
>2) foreach ($user as $u) { mysql_query("SELEC
25 matches
Mail list logo