使用 mysql_real_escape_string 的事务
最近在 PHP 中使用 MySQL,我想知道:
- 在脚本中多次使用 mysql_real_escape_string() 会对性能产生什么影响?
- 是否值得尝试减少给定脚本对此函数的调用次数?
- 是确定每次调用连接的字符集,还是缓存这个值?
如果需要一个场景,我正在考虑 PHP,以及文本和数字之间的区别,其中数字(使用 intval()
、floatval()
或直接转换)可以无需致电即可加入。
Working with MySQL lately, from PHP, I am wondering about this:
- What is the performance impact by using
mysql_real_escape_string()
multiple times at a script? - Is it worth to try to reduce the number of calls to this function for a given script?
- Does it determines the character set of the connection each time is called, or this value is cached?
If a scenario is needed, I'm thinking about PHP, and distinction between text and numbers, where numbers (using intval()
, floatval()
or direct casts) can be included without a call.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
不要因小失大。
您的问题属于微观优化领域。创建所需的索引或缓存某些查询结果比担心几次调用
mysql_real_escape_string()
对性能的影响要大一个数量级。顺便说一句,使用
(int) $variable
进行类型转换比调用intval($variable)
稍快一些。但这也将是一个微观优化。Don't be penny-wise and pound-foolish.
Your questions are in the realm of micro-optimizations. Creating a needed index or caching some query result will have an order of magnitude more benefit than worrying about the performance impact of a few calls to
mysql_real_escape_string()
.By the way, typecasting with
(int) $variable
is slightly faster than callingintval($variable)
. But this too would be a micro-optimization.如果您需要在数据库输入之前转义用户输入,那么您将必须使用 mysql_real_escape_string() ......不要太担心过早优化。
或者,您可以查看准备好的语句,这将使您不必多次调用此函数 - 而且它更安全,因为它将 SQL 逻辑与用户输入完全分开。
If you need to escape user input prior to database entry then you will have to use
mysql_real_escape_string()
... don't worry too much about premature optimization.Alternatively, you can look into prepared statements which will save you having to call this function multiple times - and it is more secure as it separates SQL logic from user input altogether.