DB Hoopla

Why check one password when you can check them all...

Of all the WTF submissions I've gotten, this is one that I actually wanted to confirm. I didn't think anybody, no matter how much of a beginner, would pull something like this:

<?php
$query = "SELECT * FROM passwords";
$mysql_result = mysql_query($query, $mysql_link);
while ($row = mysql_fetch_array($mysql_result)) {
   if ($row[0] == $passwd) {
      print("ok");
      return 0;
   }
}
?>

Short and not so sweet. Thanks to Piotr Budny for sending this in. Somebody complained that his web site wasn't working, so Piotr dug into it and found today's WTF! Yikes!
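For contrast, here is an added example (not Piotr's code and not from the original submission) of a check that fetches only the row for the account being logged into and verifies a stored hash, instead of comparing the submitted value with `==` against every stored password. The `users` table, its columns and `check_login()` are assumed names, and the in-memory SQLite database is constructed sample data.

```php
<?php
declare(strict_types=1);

// Added example. The users table, its columns and check_login() are
// assumed names; the in-memory SQLite database is constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

$insert = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
foreach (['alice' => 'correct horse', 'bob' => 'hunter2'] as $user => $plain) {
    // Store a salted hash, never the password itself.
    $insert->execute([$user, password_hash($plain, PASSWORD_DEFAULT)]);
}

// Hash of a throwaway value, verified when the user does not exist so that
// both paths do comparable work.
$dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);

function check_login(PDO $db, string $username, string $passwd, string $dummyHash): bool
{
    // Fetch only the row belonging to the account being logged into.
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        password_verify($passwd, $dummyHash);
        return false;
    }
    // password_verify() checks the candidate against this one hash;
    // no loose == comparison on strings.
    return password_verify($passwd, $hash);
}

var_dump(check_login($db, 'alice', 'correct horse', $dummyHash)); // alice's own password
var_dump(check_login($db, 'alice', 'hunter2', $dummyHash));       // bob's password on alice's account
var_dump(check_login($db, 'mallory', 'hunter2', $dummyHash));     // account that does not exist
```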

When Newbies Attack!

I think inexperienced web programmers all make common DB WTFs when starting out. Jim Grill sent in a prime example from a project that he inherited. I'm sure we've all seen similar code before and we've all said, "wtf?!", if not "ytf?!"

<?php
$query = 'SELECT * FROM sometable';
$result = mysql_query($query, $connection);
$count = mysql_num_rows($result);
?>

It should be obvious what's wrong in the example. To count the number of rows, all the data is needlessly requested and the rows are counted in PHP. As the table grows, these three lines will get slower and slower. Most people take data transfer from the DB server for granted. However, we should always be as efficient as possible, since little things can quickly multiply into big problems.

The fix is relatively simple:

<?php
$query = 'SELECT COUNT(*) FROM sometable';
$result = mysql_query($query, $connection);
list($count) = mysql_fetch_array($result);
?>

Using count(*) will return just the number of rows. Much more efficient.
