Say I have a MySQL table with two fields: "id" (primary key, INT(7)) and "hash" (indexed, VARCHAR(32)), and there will be hundreds of thousands of records in this table. Would it be faster / less CPU intensive to use MySQL to match both the id and hash fields to cleaned / sanitized request vars, or just match the id field with MySQL, and then use PHP to determine whether or not the hash is correct?
So,
mysql_query("SELECT * FROM table WHERE id='" .$id. "' AND hash=' .$hash. '");
or:
$query = mysql_query("SELECT * FROM table WHERE id='" .$id. "'");
$row = mysql_fetch_assoc($query);
if ($row['hash'] == $hash) ..
One scenario you're requiring MySQL to match two things (the hash field would be 32 characters long, like a md5 string), the other way it would only have to find one field (a unique, primary key integer, which should be very fast), but MySQL would need to pull the data and put into an array that PHP can then read to determine if the other field is a match. I'm thinking the all-MySQL way would be faster, but I didn't know about it having to search through hundreds of thousands of records for a string of that size.
Any thoughts? Thanks!