couple of pages (looking to reduce sql queries among other things)

Desbrina

I have a couple of pages i'd like people to look at. I'm mainly looking to reduce sql queries that are being ran, but anything that'll speed pages up will help (not that their overly slow at the moment)

Page 1 - combat.php

<?php
  	if (!isloggedin()) header("Location: login.php"); else
  	// Get combat creatures data
	$default = 10;
	// Data from stats
	$sql = "SELECT sum(u1.agi + u1.`int` + u1.str + u1.dex ) AS points1,
	sum(u2.agi + u2.`int` + u2.str + u2.dex ) AS points2,
	sum(u3.agi + u3.`int` + u3.str + u3.dex ) AS points3,
	sum(u4.agi + u4.`int` + u4.str + u4.dex ) AS points4, s.stamina
	FROM user_squad AS s
	LEFT JOIN user_creatures AS u1 ON u1.ID = s.cid1
	LEFT JOIN user_creatures AS u2 ON u2.ID = s.cid2
	LEFT JOIN user_creatures AS u3 ON u3.ID = s.cid3
	LEFT JOIN user_creatures AS u4 ON u4.ID = s.cid4
	WHERE s.uid = ".clean($_COOKIE['calona']);
	$result = mysql_query($sql) or die(sql_error($sql));
	while($row = mysql_fetch_array($result))
	{
		$c1 = $row['points1'];
		$c2 = $row['points2'];
		$c3 = $row['points3'];
		$c4 = $row['points4'];
		$stamina = $row['stamina'];
	}

// Get skills data
$sql = " SELECT sum( s1.level ) AS points1, sum( s2.level ) AS points2, sum( s3.level ) AS points3, sum( s4.level ) AS points4
FROM user_squad AS s
LEFT JOIN user_skills AS s1 ON s1.cid = s.cid1
LEFT JOIN user_skills AS s2 ON s2.cid = s.cid2
LEFT JOIN user_skills AS s3 ON s3.cid = s.cid3
LEFT JOIN user_skills AS s4 ON s4.cid = s.cid4
WHERE s.uid = ".clean($_COOKIE['calona']);
$result = mysql_query($sql) or die(sql_error($sql));
while($row = mysql_fetch_array($result))
{
	$c1 = $c1 + $row['points1'];
	$c2 = $c2 + $row['points2'];
	$c3 = $c3 + $row['points3'];
	$c4 = $c4 + $row['points4'];
}

// Total creature data
if($c1 != 0) { $c1 = $c1 + $default; }
if($c2 != 0) { $c2 = $c2 + $default; }
if($c3 != 0) { $c3 = $c3 + $default; }
if($c4 != 0) { $c4 = $c4 + $default; }
// Get sqad total
$total = $c1 + $c2 + $c3 + $c4;

// Get available users
$users = '';
$sql = "SELECT u.ID, u.name
FROM users AS u
LEFT JOIN user_squad AS s ON s.uid = u.ID
WHERE u.ID !=".clean($_COOKIE['calona'])."
AND (
s.cid1 !=0
OR s.cid2 !=0
OR s.cid3 !=0
OR s.cid4 !=0
)";
$result = mysql_query($sql) or die(sql_error($sql));
while($row = mysql_fetch_array($result))
{
	$users .= '<option value="'.$row['ID'].'">'.$row['name'].'</option>';
}

if(isset($_POST['Submit']))
{
	if(!empty($_POST['users']))
	{
		// Get Opponents Rating
		$sql = "SELECT sum(u1.agi + u1.`int` + u1.str + u1.dex ) AS points1,
		sum(u2.agi + u2.`int` + u2.str + u2.dex ) AS points2,
		sum(u3.agi + u3.`int` + u3.str + u3.dex ) AS points3,
		sum(u4.agi + u4.`int` + u4.str + u4.dex ) AS points4
		FROM user_squad AS s
		LEFT JOIN user_creatures AS u1 ON u1.ID = s.cid1
		LEFT JOIN user_creatures AS u2 ON u2.ID = s.cid2
		LEFT JOIN user_creatures AS u3 ON u3.ID = s.cid3
		LEFT JOIN user_creatures AS u4 ON u4.ID = s.cid4
		WHERE s.uid = ".clean($_POST['users']);
		$result = mysql_query($sql) or die(sql_error($sql));
		while($row = mysql_fetch_array($result))
		{
			$o1 = $row['points1'];
			$o2 = $row['points2'];
			$o3 = $row['points3'];
			$o4 = $row['points4'];
		}

		// Get skills data
		$sql = " SELECT sum( s1.level ) AS points1, sum( s2.level ) AS points2, sum( s3.level ) AS points3, sum( s4.level ) AS points4
		FROM user_squad AS s
		LEFT JOIN user_skills AS s1 ON s1.cid = s.cid1
		LEFT JOIN user_skills AS s2 ON s2.cid = s.cid2
		LEFT JOIN user_skills AS s3 ON s3.cid = s.cid3
		LEFT JOIN user_skills AS s4 ON s4.cid = s.cid4
		WHERE s.uid = ".clean($_POST['users']);
		$result = mysql_query($sql) or die(sql_error($sql));
		while($row = mysql_fetch_array($result))
		{
			$o1 = $o1 + $row['points1'];
			$o2 = $o2 + $row['points2'];
			$o3 = $o3 + $row['points3'];
			$o4 = $o4 + $row['points4'];
		}

		// Total creature data
		if($o1 != 0) { $o1 = $o1 + $default; }
		if($o2 != 0) { $o2 = $o2 + $default; }
		if($o3 != 0) { $o3 = $o3 + $default; }
		if($o4 != 0) { $o4 = $o4 + $default; }
		// Get sqad total
		$ototal = $o1 + $o2 + $o3 + $o4;

		//Check Stamina
		if(($stamina - 2) >= 0 ) {
			// Enough stamina, now check for winner
			if($total >= $ototal)
			{
				// Win
				echo "<p><strong>Congratulations, you have won this fight. You gained 5 Ruba</strong></p>";
				$sql = "UPDATE users SET ruba = ruba + 5 WHERE ID = ".clean($_COOKIE['calona'])." LIMIT 1";
				mysql_query($sql) or die(sql_error($sql));
			}
			else
			{
				// Loose
				echo "<p><strong>I'm sorry but you've lost this fight. Maybe next time?</strong></p>";
			}
			// Decrease Stamina by 2
			$sql = "UPDATE user_squad SET stamina = stamina - 2 WHERE uid = ".clean($_COOKIE['calona'])." LIMIT 1";
			mysql_query($sql) or die(sql_error($sql));
		}
		else
		{
			// Not enough stamina
			echo "<p>Not enough stamina</p>";
		}
	}
}

  ?>

Page 2 - get.php

if (!isloggedin()) header("Location: login.php"); else
	include getenv("DOCUMENT_ROOT")."/includes/function_spaces.php";
	// Check to see if user said yes then add egg and remove from group
	if(isset($_GET['posistion']))
	{
		$sql = " SELECT *
		FROM user_creatures AS u
		LEFT JOIN creatures AS c ON u.cid = c.ID
		AND u.uid =".clean($_COOKIE['calona'])."
		WHERE c.type = 'Egg'";
		$result = mysql_query($sql) or die(sql_error($sql));

	// Find out a users total spaces

	if(mysql_num_rows($result) < spaces())
	{
		$sql = "SELECT c.ID, c.name
		FROM creatures AS c
		LEFT JOIN eggs AS e ON e.id".clean($_GET['posistion'])." = c.ID
		WHERE e.uid = ".clean($_COOKIE['calona'])."
		ORDER BY e.ID DESC
		LIMIT 1";
		$result = mysql_query($sql) or die(sql_error($sql));
		while($row = mysql_fetch_array($result))
		{
			$id = $row['ID'];
			$name = $row['name'];
		}

		// Get random stats
		$str = rand(1,5);
		$int = rand(1,5);
		$agi = rand(1,5);
		$dex = rand(1,5);

		$sql = "INSERT INTO user_creatures (uid, cid, name, str, agi, `int`, dex) VALUES
		(".$_COOKIE['calona'].", ".$id.", '".$name."', ".$str.", ".$agi.", ".$int.", ".$dex.")";
		$result = mysql_query($sql) or die(sql_error($sql));
		if($result)
		{
			// Get id of eggs
			$sql3 = "SELECT ID FROM eggs WHERE uid = ".$_COOKIE['calona']." ORDER BY ID DESC LIMIT 1";
			$result3 = mysql_query($sql3) or die(sql_error($sql3));
			while($row3 = mysql_fetch_array($result3))
			{
				$rid = $row3['ID'];
			}
			$sql2 = "UPDATE eggs SET id".$_GET['posistion']." = 0 WHERE ID = ".$rid." LIMIT 1";
			$result2 = mysql_query($sql2) or die(sql_error($sql2));
			if($result2)
			{
				header("Location: creatures.php");
				exit();
			}
		}
	}
	else
	{
		header("Location: eggs.php");
		exit();
	}
}

// Get User spaces
$sql = " SELECT *
FROM user_creatures AS u
LEFT JOIN creatures AS c ON u.cid = c.ID
AND u.uid =".clean($_COOKIE['calona'])."
WHERE c.type = 'Egg' ";
$result = mysql_query($sql) or die(sql_error($sql));
$eggs = mysql_num_rows($result);
$space = spaces();
echo "<p>Are you sure this is the egg you want?</p>";
echo "<p>Right now you are currently taking care of <strong>".$eggs."</strong> egg(s). You can only take care of ".$space." at a time </p>";
// Get egg info
$sql = "SELECT c.url, c.sdesc
FROM creatures AS c
RIGHT JOIN eggs AS e ON e.id".clean($_GET['pos'])." = c.ID
WHERE e.uid = ".clean($_COOKIE['calona'])."
ORDER BY e.ID DESC
LIMIT 1";
$result = mysql_query($sql) or die(sql_error($sql));
while($row = mysql_fetch_array($result))
{
	echo '<p><img src="'.$row['url'].'" alt="'.$row['desc'].'" border="0"/>
	<br/>'.$row['desc']."</p>\n";
}
?>

function_spaces.php (called from Page 2)

<?php

/*
* This function works out the total spaces a user has to be able to keep eggs in
*/
function spaces()
{
	$default = 3;
	$hatch1 = 0;

$sql = "SELECT iid FROM user_items WHERE uid = ".clean($_COOKIE['calona']);
$result = mysql_query($sql) or die(sql_error($sql));
while($row = mysql_fetch_array($result))
{
	if($row['iid'] == 1)
	{
		// Hatchery 1
		$hatch1++;
	}
}

// Work out total given from Hatchery 1
$hatch1 = $hatch1 * 3;
// Add it to the total
$spaces = $spaces + $hatch1;

// Add the default spaces to the total
$spaces = $spaces + $default;

return $spaces;	
}

?>

Horizon88

For your "logged in" checks, something like this would be better:

if (!isloggedin()) {
   header('Location: login.php');
   exit();
}

The reason for this is your current model would continue executing all the code after your else statement if the header redirect failed. It could fail for a number of reasons, usually stemming from output in code (like your isloggedin() method) that is called before the header redirect. It's best practice, then, to exit() your code after a header redirect.

A small performance issue is the quotes you use. When PHP encounters a string enclosed with double-quotes, it's going to tell the interpreter to look inside the double-quotes for any items it can interpret, like variable names. If you aren't using any inline interpretation that requires double-quotes, stick with single-quotes and concatenation. For the large SQL query you use at the start of the script, use single quotes and the . operator instead of double-quotes and newlines. It'll speed your script execution up a tiny bit and if it's being called very often, every little bit helps.

I don't know what sql_error() in your code actually does, as it looks like a user-defined function, but if it's dying and throwing raw SQL errors to your end users, that can be a security concern in that raw SQL errors often contain usernames, table structures, and whether your account is using a password or not. This information can be used to make an attack against your database more effective, so you should double check that - try and die() gracefully without exposing core information to the visitor. You can't ever assume an error won't happen or that a user won't intentionally trigger one looking for information.

while($row = mysql_fetch_array($result))
    {
        $c1 = $row['points1'];
        $c2 = $row['points2'];
        $c3 = $row['points3'];
        $c4 = $row['points4'];
        $stamina = $row['stamina'];
    }

Two things here - you're in a while loop, but you're assigning directly with =, not concatenating with .=, so if you have more than one result being returned, $c1, $c2, $c3, $c4, and $stamina will only have the last row's worth of information in them. If you're only handling one row worth of data, don't use a while, just do a $row = mysql_fetch_array(). The other issue is that you're duplicating memory - if you've only got the one row, you're copying $row['points1'] into $c1 and now have two copies of that variable in memory. If you just want to assign $row['points1'] to a name that's easier for you to use and it doesn't matter if you modify $row['points1'] itself, you can pass the variable by reference, which prevents copying the data and essentially gives you two names to the same data:

$c1 = &$row['points1']; // the & operator tells PHP to pass $row['points1'] by reference

    if($c1 != 0) { $c1 = $c1 + $default; }
    if($c2 != 0) { $c2 = $c2 + $default; }
    if($c3 != 0) { $c3 = $c3 + $default; }
    if($c4 != 0) { $c4 = $c4 + $default; }

Here, you should be able to do this, which makes it a little easier to edit/modify in the future:

    if ($c1 != 0) $c1 += $default;

The { } braces aren't required for single-line statements like that and just clutter it up, in my opinion, but that's a stylistic preference. The += operator adds $c1 and $default, then assigns the result of the addition back into $c1, functionally equivalent to yours but less typing and a little cleaner, to me.

Gotta go to class. Hope that helped.

Desbrina

sql_error() saves the who error to a file (including some other info, which isn't accessible to the public) and just gives the user a please contact admin page

isloggedin() simply return true or false, never anything else

The while loops will only give 1 result

onicsoft

Change all double quotes to single quotes if you can help it and don't need to phrase variables.

Don't use SELECT * unless you need everything in all the tables your selecting.

Don't use mysql_fetch_array if you only going to be using the named var's. Use instead mysql_fetch_assoc and/or mysql_fetch_array($result,MYSQL_ASSOC); to only return the named var's and not add to the sql cache/memory stack of the extra numbered array returned.

Don't forget to limit 1 sql questions that you only expect 1 returned and also don't do the while loops for the mysql querys you only expect 1 result from.

Don't see your "clean" function so can't comment on that part.

This could be over simplifying this function.

function spaces()
{
    $default = 3;
    $hatch1 = 0;   

    $sql = 'SELECT `iid` FROM `user_items` WHERE `uid` = '.clean($_COOKIE['calona']).' AND `iid` = 1';
    $result = mysql_query($sql) or die(sql_error($sql));
    $spaces = $default + (mysql_num_rows($result) * 3);   

    return $spaces;    

}

laserlight

onicsoft wrote:
Change all double quotes to single quotes if you can help it and don't need to phrase variables.

On the other hand, without variable interpolation (as in the parsing of embedded variables), the efficiency difference between single and double quoted strings is negligible. Considering that double quoted strings are typically more convenient for storing SQL statements that contain single quotes (which are used to delimit strings in SQL), it may be more consistent to stick with double quoted strings for storing SQL statements.

I would check to see if the columns involved in computing the joins are indexed. If not, indexing them could lead to significant performance gains.

onicsoft wrote:
Don't use SELECT unless you need everything in all the tables your selecting.

Yes, and if you are only selecting columns to find out how many rows will be retrieved, SELECT COUNT() instead, e.g.,

$sql = 'SELECT COUNT(*) FROM `user_items` WHERE `uid` = '.clean($_COOKIE['calona']).' AND `iid` = 1';
$result = mysql_query($sql) or die(sql_error($sql));
$spaces = $default + (mysql_result($result, 0) * 3);

That said, spaces() does not seem like a particularly descriptive function name to me. It does not seem obvious that it returns the total number of "spaces a user has to be able to keep eggs in".