Optimize Code. Is This The Optimum Way To Insert Data Into Tables?

[BrettHartel]

Thank you for taking the time to help me. I am trying to optimize my php code to work for speed. Even though my code doesn't contain a lot of information, I would like to learn properly.

 

Currently, this is the code I am using.

 

$sql="INSERT INTO eMail (User_ID, eMail)
VALUES
('$User_ID','$_POST[eMail]')";
if (!mysqli_query($link,$sql))
{
die('Error: ' . mysqli_error());
}

 

Is there a better code I could use or is this optimized php already?

 

Thank you,

 

Brett Hartel

[requinix]

Optimizing for speed should be the very last thing you ever do in PHP. After the application is written, after it's tested and de-bugged, after you've run out of other improvements and features to do. In most cases you'll squeeze out a millisecond or two, and in the grand scheme of things that's wasted time.

 

Here's a list of things you should do first:

* Don't write inline SQL. Move to functions or better OOP

* Don't do inline database connections. Move to functions or OOP

* Don't put $_POST values, or $_GET or $_COOKIE or anything with input you haven't already validated in PHP, directly into SQL queries. It's called "SQL injection" and it is unforgivable

* Don't die()

* Don't die() with the MySQL error message

[trq]

It's a pretty simple query, I wouldn't worry to much about trying to optimise anything.

 

Security wise though, your code sux fat ones. Never let user submitted data be used in a query like that. Without at least some sanitisation and maybe some validation you are leaving your application open to be compromised.