A single query will be faster than multiple queries. Note also that while the query is more complex, overall the code for a single query is simpler. Prepared statements will be faster than interpolating the value into the query string. If you interpolate a value into the query string, you must first sanitize the value.
I'd say whether it's acceptable to loop over the usernames and execute a prepared statement with each iteration, rather than using a single query, could only be answered by profiling the code and using that in a simulation of site load to determine if the site will be responsive enough. As for interpolating values, it should only be done for the parts of statements that don't support parameters (which is anything that isn't a simple value, such as identifiers, lists and MySQL keywords).


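An added example, not part of the original post, of the single-query approach the reply above describes: one prepared statement for the whole list of usernames, where only the placeholder list and an allowlisted identifier are interpolated and every value is bound. Python's `sqlite3` stands in for MySQL so the block runs offline; the `users` table, its columns, the function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Columns a caller may sort by. Identifiers cannot be bound as parameters,
# so they are checked against a fixed allowlist before interpolation.
SORTABLE_COLUMNS = {"username", "email"}


def fetch_users(conn, usernames, order_by="username"):
    """Fetch all rows for the given usernames with one prepared statement."""
    if order_by not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {order_by!r}")
    usernames = list(usernames)
    if not usernames:
        # "IN ()" is a syntax error, so short-circuit the empty case.
        return []
    # Only the placeholder list and the vetted identifier are interpolated;
    # the values themselves are bound by the driver.
    placeholders = ", ".join("?" for _ in usernames)
    sql = (
        f"SELECT username, email FROM users "
        f"WHERE username IN ({placeholders}) ORDER BY {order_by}"
    )
    return conn.execute(sql, usernames).fetchall()


def build_sample_db():
    """Constructed sample data in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("carol", "carol@example.test")],
    )
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    print(fetch_users(db, ["bob", "alice"]))
    # A value containing SQL syntax is matched as a literal string, not parsed.
    print(fetch_users(db, ["alice' OR '1'='1"]))
```
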

