Posted by Michael Fesser on 01/11/07 21:45
..oO(william)
>On Thu, 11 Jan 2007 21:44:50 +0100, Michael Fesser wrote:
>
>> Additionally
>> you should never use SELECT * in a productive application, but list all
>> fields explicitly.
>
>Why?
>Just curious, because I try to keep the table quite simple (e.g. not a lot
>of fields), if there is another reason.
>Or is it for security reasons (SQL injection)?

There's a short note in the manual:

| SELECT * is quite suitable for testing queries. However, in an
| application, you should never rely on using SELECT * and retrieving
| the columns based on their position. The order and position in which
| columns are returned does not remain the same if you add, move, or
| delete columns. A simple change to your table structure could cause
| your application to fail.

http://www.mysql.org/doc/refman/5.1/en/change-column-order.html

Using SELECT * might also cause performance issues and unnecessary
traffic if there are many columns or some which contain a lot of data
(BLOBs for example). Finally there can also be problems or unexpected
results when using a DISTINCT clause.

Micha
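
The failure mode described in the manual note above, as an added example that is not part of the original post: code that reads `SELECT *` results by position silently returns a different column after a schema change, while an explicit column list does not. Assumptions: SQLite (Python's built-in `sqlite3`) stands in for MySQL, and the `users` table, its columns and all values are constructed for illustration.

```python
import sqlite3

# Constructed sample row; the hash value is a placeholder, not real data.
ROW = {"name": "alice", "email": "alice@example.test", "pw_hash": "HASH-PLACEHOLDER"}

def build(conn, columns):
    """(Re)create the hypothetical users table with the given column order.
    Column names come only from the constant ROW keys above."""
    conn.execute("DROP TABLE IF EXISTS users")
    conn.execute("CREATE TABLE users (%s)" % ", ".join(c + " TEXT" for c in columns))
    conn.execute(
        "INSERT INTO users (%s) VALUES (%s)"
        % (", ".join(columns), ", ".join("?" for _ in columns)),
        [ROW[c] for c in columns],
    )

def email_by_position(conn):
    # Fragile: assumes email is always the second column SELECT * returns.
    return conn.execute("SELECT * FROM users").fetchone()[1]

def email_by_name(conn):
    # Robust: the result shape is fixed by the query, not by the table layout.
    return conn.execute("SELECT email FROM users").fetchone()[0]

def demo():
    conn = sqlite3.connect(":memory:")
    build(conn, ["name", "email"])
    before = (email_by_position(conn), email_by_name(conn))
    # Schema change: a new column now sits before email, as it would after
    # MySQL's ALTER TABLE ... ADD COLUMN ... AFTER name.
    build(conn, ["name", "pw_hash", "email"])
    after = (email_by_position(conn), email_by_name(conn))
    conn.close()
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("before change:", before)
    print("after change: ", after)
```

After the change the positional read returns the new `pw_hash` column in the slot the application treats as the e-mail address, without any error being raised.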