column wildcards in SELECT #7

Closed
ecki opened this Issue Jul 17, 2011 · 3 comments

ecki commented Jul 17, 2011

In server/user/reset.php the select for the user uses "SELECT *". This can be rewritten as "SELECT username", which will reduce the information transmitted, allows use of a covering index, and is generally best practice for SQL.

Instead of $userarray I would also use a $username variable (like ...)

In server/user/requestreset.php the same "SELECT username" can be used. This code already uses the $username variable.

There is a third wildcard in functions-global.inc.php # getUser(), but in that case it is a somewhat dynamic list of columns (nevertheless they could be explicitly specified).

Owner

janschejbal commented Nov 23, 2011

Looks like this is done now.

ecki commented Nov 24, 2011

Yes, the last select * is this one:

includes/functions-global.inc.php: $result = $db->query("SELECT * FROM users LEFT JOIN tokens ON users.token = tokens.token WHERE username = ? AND pwhash = ?", array($username, $pwhash));

It somewhat uses the * to allow dynamic columns for the user attributes (if I remember right). I would code them into a config setting. This will enforce database consistency.

Owner

janschejbal commented Nov 24, 2011

On 2011-11-24 05:46, ecki wrote:

It somewhat uses the * to allow dynamic columns for the user attributes (if I remember right). I would code them into a config setting. This will enforce database consistency.

Yes, that is supposed to be this way (with *).
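
One way to keep the column list in a config setting instead of `SELECT *`, as an added example (not the project's code and not part of the original thread). `$selectColumns`, `buildUserQuery()`, and the `email` and `lastused` columns are assumptions, and PDO with in-memory SQLite stands in for the project's `$db` wrapper.

```php
<?php
// Added example, not the project's code. $selectColumns stands in for a
// hypothetical config setting; email and lastused are assumed column names.
$selectColumns = [
    'users'  => ['username', 'email'],
    'tokens' => ['token', 'lastused'],
];

function buildUserQuery(array $selectColumns): string
{
    $list = [];
    foreach ($selectColumns as $table => $columns) {
        foreach ($columns as $column) {
            // Identifiers cannot be bound as parameters, so only plain
            // names from the config are accepted.
            foreach ([$table, $column] as $name) {
                if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
                    throw new InvalidArgumentException("Bad identifier: $name");
                }
            }
            $list[] = "$table.$column";
        }
    }
    if ($list === []) {
        throw new InvalidArgumentException('No columns configured');
    }
    return 'SELECT ' . implode(', ', $list)
        . ' FROM users LEFT JOIN tokens ON users.token = tokens.token'
        . ' WHERE username = ? AND pwhash = ?';
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, pwhash TEXT, email TEXT, token TEXT)');
$db->exec('CREATE TABLE tokens (token TEXT, lastused INTEGER)');
$db->exec("INSERT INTO users VALUES ('alice', 'constructed-hash', 'alice@example.test', 't1')");
$db->exec("INSERT INTO tokens VALUES ('t1', 0)");

$stmt = $db->prepare(buildUserQuery($selectColumns));
$stmt->execute(['alice', 'constructed-hash']);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// pwhash is matched in WHERE but is not part of the returned row.
var_dump(array_keys($row));
var_dump(array_key_exists('pwhash', $row));
```

A column added to the table but not to the config setting is never returned, which is the consistency the config approach is meant to enforce.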
