Mysql SELECT / INSERT realtime VS Later + Security Question prepared Statements

Hello,

I wrote a small script, a unique in and out counter, where the timestamp + IP of the user and the referer get added to a txt file, and every 5 mins a cronjob calls a script that updates the DB with the data from the txt file.

I found the MySQL functions "INSERT DELAY" - "SET UPDATE LOW_PRIORITY". I'm using both commands in the cronjob. Now I'm thinking about inserting the data straight into the DB with both of these commands. Would this increase the DB load, or is it better to do this every 5 mins?

About the script: it checks if the IP exists. If the IP exists, it drops the insert and deletes all IPs which are older than 24h; if the IP does not exist, it adds the IP, deletes those older than 24h and does some other things. In the worst case it does 15 things to the db (SELECT / INSERT / UPDATE / DELETE and OPTIMIZE TABLE) for each IP.

About the environment: every 1 sec 5 users are coming, and in 5 mins I should have around 1500 IPs in the txt file. About the table: there will be around 300k+ IPs, which get deleted / checked / inserted.

So would it be better to keep doing it how I do it right now? Or is it possible to add the data in realtime to the DB with insert delayed and so on?

Ok, I want to improve my script, and found out about prepared statements. I use the MYSQLI extension. Sample:

$sql = "SELECT * FROM table WHERE row1 = ? AND row2 = ? AND row3 = ?";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param('sss', $var1, $var2, $var3);
$stmt->execute();
$stmt->close();

So I don't do mysqli->real_escape_string($var); anymore. So my question is: is it still possible to do SQL injections with prepared statements? If yes, how can I prevent this?

Thank you
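
An added example, not part of the original post: it shows what the bound-parameter form in the question changes compared with string concatenation, and the one place placeholders do not reach (identifiers such as a sort column). It uses Python's built-in sqlite3 instead of PHP/mysqli so that it runs without a database server; the table `hits`, the sample rows and all function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data: two visitor rows and one hostile "ip" value.
ROWS = [("203.0.113.5", "http://a.example/"),
        ("198.51.100.7", "http://b.example/")]
HOSTILE = "' OR '1'='1"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hits (ip TEXT, referer TEXT)")
    db.executemany("INSERT INTO hits (ip, referer) VALUES (?, ?)", ROWS)
    return db

def lookup_concat(db, ip):
    # Vulnerable 'before': the value becomes part of the SQL text,
    # so quote characters in it change the WHERE clause.
    return db.execute("SELECT ip FROM hits WHERE ip = '" + ip + "'").fetchall()

def lookup_bound(db, ip):
    # Placeholder form: the value is passed separately from the SQL text
    # and is only ever compared as data.
    return db.execute("SELECT ip FROM hits WHERE ip = ?", (ip,)).fetchall()

ALLOWED_SORT = {"ip", "referer"}

def list_sorted(db, column):
    # Column names cannot be bound with ?, so a name that comes from input
    # is checked against a fixed allowlist before it enters the SQL text.
    if column not in ALLOWED_SORT:
        raise ValueError("unexpected sort column")
    return db.execute(f"SELECT ip FROM hits ORDER BY {column}").fetchall()

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concat(db, HOSTILE))   # matches every row
    print("bound:       ", lookup_bound(db, HOSTILE))    # matches nothing
    print("sorted:      ", list_sorted(db, "ip"))
```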
