Continuing the discussion from Using single form in crud for inserting and updating - #2 by benanamen.
@benanamen please i need to know why the statement above, because i use select * as it reduces codes especially when i have upto 30 columns to select datas from.
Is there any vulnerability this can cause?
Well, as stated above, with this particular table, that would mean sending the password between the database and webserver (and potentially the user) unnecessarily; which would expose it to more interception attacks than is necessary.
In most cases, it will slow down the query speed to varying degrees, because if you’re delivering 30 columns of data instead of the 2 that you need, you’re moving more data than is necessary; you’ve shipped 30 lbs of equipment for a job that only required 2lbs of hardware.
wow i love this illustration, generally it has to do with speed nothing more, no especially when you won’t be needing all the data you are pulling out from the database.
It’s more about making it relatable.
Unless you’re moving LARGE tables, with lots of rows, or columns, are you going to notice the speed difference on a single query? No. It’ll be a tiny difference. But there will be a difference.
If your server is doing that same query thousands of times a second to serve hundreds or thousands of visitors? Those pennies start adding up.
exactly i got you this time, is about building something that is scalable if with a small visitor i still think is safe and healthy to adopt to such data. only take foods that you can finish per time, and when need more you go dish out to avoid wasting resources.
Listing out the columns you are selecting does a number of things -
- It forces you to think about what data you need in your application, producing an overall better design.
- It results in only the data that you want being read and transferred, potentially saving some to a lot of memory/processing resources.
- In the case of JOIN queries, it insures that you are getting the data that you want from the correct columns in the correct table(s).
- It helps make your query/code self-documenting. Related to item #1 on this list, anyone reading the query and code can tell what it is trying to do, and don’t need to know the full table definitions in order to figure out what’s going on.
That pales in comparison to amount of resources and energy consumed by servers on a whole. In the modern environment of development that is really the pot calling the kettle black when using technology that requires an idol server to always be running.