每个查询有 1 个连接还是每个查询有单独的连接更好?
Is it better to have 1 connection per query or separate connections for each?
是 better/secure 为每个查询创建一个单独的数据库连接 (sample1) 还是我应该只为两个查询创建一个数据库连接 (sample2)?
我有 2 个查询要对数据库进行。
- Select(检查 table 中是否存在电子邮件)。
- 插入(如果电子邮件不存在,则在 table 中创建记录)。
我主要对一种方法相对于另一种方法的安全性和资源成本感兴趣。
注意:下面的示例代码是用户注册码的简化版本。
示例 1。
<?php
$NEW_EMAIL="sample@gmail.com";
$prep_sel = 'SELECT email FROM users WHERE email=?';
$link1 = mysqli_stmt_init($dbc);
if (mysqli_stmt_prepare($link1, $prep_sel)) {
mysqli_stmt_bind_param($link1, 's', $e);
mysqli_stmt_execute($link1);
mysqli_stmt_store_result($link1);
}
// If record does not exist, then insert it.
if (mysqli_stmt_num_rows($link1) == 0) { // Available.
$prep_ins= 'INSERT INTO users (email) VALUES (?)';
$link2 = mysqli_stmt_init($dbc);
if (mysqli_stmt_prepare($link2, $prep_ins)) {
mysqli_stmt_bind_param($link2, 'sssss', $NEW_EMAIL);
mysqli_stmt_execute($link2);
}
}
?>
样本 2.
<?php
$NEW_EMAIL="sample@gmail.com";
$prep_sel = 'SELECT email FROM users WHERE email=?';
$link1 = mysqli_stmt_init($dbc);
if (mysqli_stmt_prepare($link1, $prep_sel)) {
mysqli_stmt_bind_param($link1, 's', $e);
mysqli_stmt_execute($link1);
mysqli_stmt_store_result($link1);
}
// If record does not exist, then insert it.
if (mysqli_stmt_num_rows($link1) == 0) { // Available.
$prep_ins= 'INSERT INTO users (email) VALUES (?)';
if (mysqli_stmt_prepare($link1, $prep_ins)) {
mysqli_stmt_bind_param($link1, 'sssss', $NEW_EMAIL);
mysqli_stmt_execute($link1);
}
}
?>
是否有示例 3 选项?如果您将数据库中的 email 列更改为 UNIQUE,这意味着不允许重复的电子邮件。请参阅下面的 table 示例:
CREATE TABLE users
(
id int auto_increment primary key,
email varchar(20) unique
);
如果您尝试注册一个已经使用该给定电子邮件的新帐户,您将收到错误 1062(又名重复输入错误)。
因此,与其 运行同时使用 SELECT 和基于此的 INSERT 查询,您可以简单 运行 给定的 INSERT 查询您的电子邮件列是 UNIQUE:
<?php
// Your database info
$db_host = 'xxxx';
$db_user = 'xxxx';
$db_pass = 'xxxx';
$db_name = 'xxxx';
// hardcoded email for testing purposes
$test_email ="sample@gmail.com";
// SQL query
$sql = 'INSERT INTO users (email) VALUES (?)';
// connect to database
$con = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
if ($con->connect_error)
{
die('Connect Error (' . mysqli_connect_errno() . ') '. mysqli_connect_error());
}
// Prepare the query to make sure it is good to go
if (!$result = $con->prepare($sql))
{
die('Query failed: (' . $con->errno . ') ' . $con->error);
}
// bind and test if the parameters are valid
if (!$result->bind_param('s', $test_email))
{
die('Binding parameters failed: (' . $result->errno . ') ' . $result->error);
}
// execute and see if it executed as expected.
if (!$result->execute())
{
if ($result->errno === 1062)
{
die("Email already in use...");
}
else
{
die('Execute failed: (' . $result->errno . ') ' . $result->error);
}
}
else
{
echo "account created!!";
}
In regards whether its better to have a single connection or multiple connections, this is a very good reading but as a resume you could reference your self to In PHP/MySQL should I open multiple database connections or share 1?
是 better/secure 为每个查询创建一个单独的数据库连接 (sample1) 还是我应该只为两个查询创建一个数据库连接 (sample2)?
我有 2 个查询要对数据库进行。
- Select(检查 table 中是否存在电子邮件)。
- 插入(如果电子邮件不存在,则在 table 中创建记录)。
我主要对一种方法相对于另一种方法的安全性和资源成本感兴趣。
注意:下面的示例代码是用户注册码的简化版本。
示例 1。
<?php
$NEW_EMAIL="sample@gmail.com";
$prep_sel = 'SELECT email FROM users WHERE email=?';
$link1 = mysqli_stmt_init($dbc);
if (mysqli_stmt_prepare($link1, $prep_sel)) {
mysqli_stmt_bind_param($link1, 's', $e);
mysqli_stmt_execute($link1);
mysqli_stmt_store_result($link1);
}
// If record does not exist, then insert it.
if (mysqli_stmt_num_rows($link1) == 0) { // Available.
$prep_ins= 'INSERT INTO users (email) VALUES (?)';
$link2 = mysqli_stmt_init($dbc);
if (mysqli_stmt_prepare($link2, $prep_ins)) {
mysqli_stmt_bind_param($link2, 'sssss', $NEW_EMAIL);
mysqli_stmt_execute($link2);
}
}
?>
样本 2.
<?php
$NEW_EMAIL="sample@gmail.com";
$prep_sel = 'SELECT email FROM users WHERE email=?';
$link1 = mysqli_stmt_init($dbc);
if (mysqli_stmt_prepare($link1, $prep_sel)) {
mysqli_stmt_bind_param($link1, 's', $e);
mysqli_stmt_execute($link1);
mysqli_stmt_store_result($link1);
}
// If record does not exist, then insert it.
if (mysqli_stmt_num_rows($link1) == 0) { // Available.
$prep_ins= 'INSERT INTO users (email) VALUES (?)';
if (mysqli_stmt_prepare($link1, $prep_ins)) {
mysqli_stmt_bind_param($link1, 'sssss', $NEW_EMAIL);
mysqli_stmt_execute($link1);
}
}
?>
是否有示例 3 选项?如果您将数据库中的 email 列更改为 UNIQUE,这意味着不允许重复的电子邮件。请参阅下面的 table 示例:
CREATE TABLE users
(
id int auto_increment primary key,
email varchar(20) unique
);
如果您尝试注册一个已经使用该给定电子邮件的新帐户,您将收到错误 1062(又名重复输入错误)。
因此,与其 运行同时使用 SELECT 和基于此的 INSERT 查询,您可以简单 运行 给定的 INSERT 查询您的电子邮件列是 UNIQUE:
<?php
// Your database info
$db_host = 'xxxx';
$db_user = 'xxxx';
$db_pass = 'xxxx';
$db_name = 'xxxx';
// hardcoded email for testing purposes
$test_email ="sample@gmail.com";
// SQL query
$sql = 'INSERT INTO users (email) VALUES (?)';
// connect to database
$con = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
if ($con->connect_error)
{
die('Connect Error (' . mysqli_connect_errno() . ') '. mysqli_connect_error());
}
// Prepare the query to make sure it is good to go
if (!$result = $con->prepare($sql))
{
die('Query failed: (' . $con->errno . ') ' . $con->error);
}
// bind and test if the parameters are valid
if (!$result->bind_param('s', $test_email))
{
die('Binding parameters failed: (' . $result->errno . ') ' . $result->error);
}
// execute and see if it executed as expected.
if (!$result->execute())
{
if ($result->errno === 1062)
{
die("Email already in use...");
}
else
{
die('Execute failed: (' . $result->errno . ') ' . $result->error);
}
}
else
{
echo "account created!!";
}
In regards whether its better to have a single connection or multiple connections, this is a very good reading but as a resume you could reference your self to In PHP/MySQL should I open multiple database connections or share 1?