5. Which is easy to read?

Before:
select id,name
from users
where admin = 1 and
password is null and
created_at >= '2016-01-01 00:00:00'
order by id limit 0,10

After:
SELECT
    id
    ,name
FROM
    users
WHERE
    admin = 1
    AND password IS NULL
    AND created_at >= '2016-01-01 00:00:00'
ORDER BY
    id ASC
LIMIT
    0, 10
;
6. Uppercase reserved words

Before:
select count(user_id) as cnt
from users
where user_name = 'foo'
and del_flag = false

After:
SELECT COUNT(user_id) AS cnt
FROM users
WHERE user_name = 'foo' AND
    del_flag = FALSE
7. Line breaks and spaces

Before:
SELECT col_1, col_2, col_3,
COUNT(*)
FROM tbl_A
WHERE col_1 = 'a'
AND col_2 = (
SELECT MAX(col_2)
FROM tbl_B
WHERE col_3 = 100
)
GROUP BY col_1, col_2,
col_3

After:
SELECT
    col_1
    ,col_2
    ,col_3
    ,COUNT(*)
FROM
    tbl_A
WHERE
    col_1 = 'a'
    AND col_2 = (
        SELECT
            MAX(col_2)
        FROM
            tbl_B
        WHERE
            col_3 = 100
    )
GROUP BY
    col_1,col_2,col_3
8. Line breaks and spaces (the column list)

Before:
SELECT col_1, col_2, col_3,
COUNT(*)

After:
SELECT
    col_1
    ,col_2
    ,col_3
    ,COUNT(*)

Align the leading commas in one vertical line, using 4-space indentation (PSR-2 coding guide).
9. Aligned 'AND/OR' conditions

Before:
WHERE cc_id = 10
AND playdate = 20161027
AND code BETWEEN 200
AND 300

WHERE cc_id = 10 AND
playdate = 20161027 AND code
BETWEEN 200 AND 300
(no line break)

After:
WHERE
    cc_id = 10
    AND playdate = 20161027
    AND code BETWEEN 200 AND 300
12. max_allowed_packet

The maximum query (packet) length, default = 16MB.
Matters when saving image binaries...

BAD: Tooooooooooooo long IN()
SELECT
    *
FROM
    users
WHERE
    email IN('address1','address2','address3'...)

GOOD: one by one, in a loop
SELECT
    *
FROM
    users
WHERE
    email = 'address1';
13. group_concat_max_len

The maximum length of a GROUP_CONCAT() result, default = 1024.
Matters when using GROUP_CONCAT()...

BAD: concatenating many results in SQL
SELECT
    GROUP_CONCAT(user_id) AS user_ids
FROM users WHERE ...

GOOD: join them in program code
SELECT
    user_id
FROM users WHERE ...
14. max_connections

The maximum number of concurrent connections, default = 151.
Matters when many queries run at the same time... use transactions.

BAD: sudden mass access
    ex) campaign site, sports news site, news site

GOOD: strictly controlled system
    ex) bank system, cash card system
19. Non-normalized form

employee
id    name             age  sex   salary    qualification
2030  Tomoki Oyamatsu  28   male  ¥200,000  driver licence,
                                            Fundamental information technology engineer,
                                            C Language Proficiency Level 2

One qualification cell holds three values.

20. First normal form

employee
id    name             age  sex   salary    qualification
2030  Tomoki Oyamatsu  28   male  ¥200,000  driver licence
2030  Tomoki Oyamatsu  28   male  ¥200,000  Fundamental information technology engineer
2030  Tomoki Oyamatsu  28   male  ¥200,000  C Language Proficiency Level 2

The same employee data is repeated on every row.

21. Second normal form

employee
id    name             age  sex   salary
2030  Tomoki Oyamatsu  28   male  ¥200,000

emp_qual
id    qualification_id  qualification_name
2030  1                 driver licence
2030  5                 Fundamental information technology engineer
2030  7                 C Language Proficiency Level 2

qualification_name is duplicated when another employee has the same qualification.

22. Third normal form

employee
id    name             age  sex_id  salary
2030  Tomoki Oyamatsu  28   1       ¥200,000

emp_qual
id    qualification_id
2030  1
2030  5
2030  7

qualifications
qualification_id  qualification_name
1                 driver licence
2                 IT passport
3                 System Architect
4                 Information security admin
5                 Fundamental information technology engineer
6                 Network specialist
7                 C Language Proficiency Level 2

sex_mst
sex_id  sex
1       male
2       female
27. Avoid SQL injection

PHP code:
$sql = <<<SQL
SELECT
    *
FROM
    users
WHERE
    name = '{$_POST["name"]}'
;
SQL;
$result = $pdo->query($sql);

If the parameter is...

$_POST["name"] = "Oyamatsu"
->  WHERE name = 'Oyamatsu';

$_POST["name"] = "t' OR 't'='t"
->  WHERE name = 't' OR 't' = 't';    (always true)
28. Use prepared statements

PHP code:
$sql = <<<SQL
SELECT
    *
FROM
    users
WHERE
    name = :name
;
SQL;
$sth = $pdo->prepare($sql);
$sth->bindValue(':name', $_POST["name"]);
$sth->execute();

If the parameter is...

$_POST["name"] = "t' OR 't'='t"
->  WHERE name = 't\' OR \'t\'=\'t';    (the whole value is one escaped string literal)
29. In the case of IN()

The list can't be bound as a single prepared-statement parameter:

PHP code:
$sql = <<<SQL
SELECT
    *
FROM
    users
WHERE
    user_id IN({$user_ids});
SQL;
$result = $pdo->query($sql);

Beforehand: make sure every value is numeric, and join only the numeric data into $user_ids.
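Slides 27 to 29 side by side as an added, runnable example (not the deck's own code): Python with an in-memory sqlite3 database and `?` placeholders stands in for PHP PDO and MySQL, the `users` rows are constructed, and the last function goes beyond slide 29 by showing that IN() can also stay inside the prepared statement when one placeholder is generated per validated value.

```python
import re
import sqlite3

NUMERIC = re.compile(r"[0-9]+")   # whole-string check: digits only, no sign or spaces

def make_db():
    # Constructed in-memory stand-in for the users table on the slides.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, name TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [(1, "Oyamatsu"), (2, "Tanaka"), (3, "Suzuki")])
    return con

def find_by_name_unsafe(con, name):
    # Slide 27: the value is spliced into the SQL text, so a quote in the
    # input closes the literal and the rest of the input is parsed as SQL.
    sql = f"SELECT user_id FROM users WHERE name = '{name}' ORDER BY user_id"
    return [row[0] for row in con.execute(sql)]

def find_by_name_prepared(con, name):
    # Slide 28: the value travels as a bound parameter, never as SQL text,
    # so the whole input is compared as one string.
    sql = "SELECT user_id FROM users WHERE name = ? ORDER BY user_id"
    return [row[0] for row in con.execute(sql, (name,))]

def find_by_ids(con, raw_ids):
    # Slide 29: check that every element is purely numeric before it is
    # used; reject the whole request on the first non-numeric value.
    ids = []
    for value in raw_ids:
        if not isinstance(value, str) or not NUMERIC.fullmatch(value):
            raise ValueError(f"non-numeric user_id rejected: {value!r}")
        ids.append(int(value))
    if not ids:
        return []
    # Beyond the slide: one placeholder per value lets IN() stay inside
    # the prepared statement instead of being joined into the SQL text.
    marks = ",".join("?" * len(ids))
    sql = f"SELECT user_id FROM users WHERE user_id IN ({marks}) ORDER BY user_id"
    return [row[0] for row in con.execute(sql, ids)]

if __name__ == "__main__":
    con = make_db()
    payload = "t' OR 't'='t"
    print(find_by_name_unsafe(con, payload))    # [1, 2, 3]: condition is always true
    print(find_by_name_prepared(con, payload))  # []: no user has that literal name
    print(find_by_ids(con, ["3", "1"]))         # [1, 3]
```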