What are the potential pitfalls of using wildcard (*) in SQL queries, and how can it be replaced with specific field names for better performance and security?
Using wildcards (*) in SQL queries can lead to potential pitfalls such as fetching unnecessary data, decreased performance due to retrieving all columns, and security risks like exposing sensitive information. To replace wildcards with specific field names for better performance and security, explicitly list the required columns in the SELECT statement.
<?php
// Connect to database
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "database";
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// Query with specific field names
$sql = "SELECT column1, column2, column3 FROM table_name WHERE condition";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// Output data
while($row = $result->fetch_assoc()) {
echo "Column1: " . $row["column1"]. " - Column2: " . $row["column2"]. " - Column3: " . $row["column3"]. "<br>";
}
} else {
echo "0 results";
}
$conn->close();
?>