225 /**
 226  * Runs a limited-range query in the active database.
 227  *
 228  * Use this as a substitute for db_query() when a subset of the query is to be
 229  * returned.
 230  * User-supplied arguments to the query should be passed in as separate parameters
 231  * so that they can be properly escaped to avoid SQL injection attacks.
 232  *
 233  * Note that if you need to know how many results were returned, you should do
 234  * a SELECT COUNT(*) on the temporary table afterwards. db_num_rows() and
 235  * db_affected_rows() do not give consistent result across different database
 236  * types in this case.
 237  *
 238  * @param $query
 239  *   A string containing an SQL query.
 240  * @param ...
 241  *   A variable number of arguments which are substituted into the query
 242  *   using printf() syntax. The query arguments can be enclosed in one
 243  *   array instead.
 244  *   Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose
 245  *   in '') and %%.
 246  *
 247  *   NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
 248  *   and TRUE values to decimal 1.
 249  *
 250  * @param $from
 251  *   The first result row to return.
 252  * @param $count
 253  *   The maximum number of result rows to return.
 254  * @return
 255  *   A database query result resource, or FALSE if the query was not executed
 256  *   correctly.
 257  */

<?php

error_reporting(E_ALL);

mysqli_report(MYSQLI_REPORT_ALL);
$link = mysqli_connect('localhost', 'root', '', 'test');

for ($i = 0; $i < 10000; ++$i) {
    mysqli_query($link, "INSERT INTO test VALUES(NULL, '" . md5(mt_rand()) . "');");
}

$diff = -microtime(1);

for ($i = 0; $i < 10000; ++$i) {
    mysqli_query($link, "SELECT * FROM test WHERE id = $i;");
}

$diff += microtime(1);
echo "<br>Простые запросы: $diff сек.";

$diff = -microtime(1);

$stmt = mysqli_prepare($link, "SELECT * FROM test WHERE id = ?;");
for ($i = 0; $i < 10000; ++$i) {
    mysqli_stmt_bind_param($stmt, 'i', $i);
    mysqli_stmt_execute($stmt);
}

$diff += microtime(1);
echo "<br>Подготовленные запросы: $diff сек.";

?>

$diff = -microtime(1);

for ($i = 0; $i < 1000; ++$i) {
    mysqli_query($link, "SELECT * FROM test WHERE data = '" . mysqli_real_escape_string($link, md5(mt_rand())) . "';");
}

$diff += microtime(1);
echo "<br>Простые запросы: $diff сек.";

$diff = -microtime(1);

$stmt = mysqli_prepare($link, "SELECT * FROM test WHERE data = ?;");
for ($i = 0; $i < 1000; ++$i) {
    $data = md5(mt_rand());
    mysqli_stmt_bind_param($stmt, 's', $data);
    mysqli_stmt_execute($stmt);
}

$diff += microtime(1);
echo "<br>Подготовленные запросы: $diff сек.";

test` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `data` varchar(32) NOT NULL,
  PRIMARY KEY (`id`),
  KEY `data` (`data`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8;

$diff = -microtime(1);

for ($i = 0; $i < 1000; ++$i) {
    $stmt = mysqli_prepare($link, "SELECT * FROM test WHERE id = ?;");
    mysqli_stmt_bind_param($stmt, 'i', $i);
    mysqli_stmt_execute($stmt);
}

$diff += microtime(1);

<?php

error_reporting(E_ALL);

$link = mysql_connect('localhost', 'root', '');
mysql_select_db('test');

$data = md5(mt_rand()); 

$diff = -microtime(1);
mysql_query("SELECT * FROM test WHERE data = '" . mysql_real_escape_string($data, $link) . "';", $link);
$diff += microtime(1);
echo "<br>Простой запрос(старенький mysql): $diff сек.<br><br>MySQLi:";

mysqli_report(MYSQLI_REPORT_ALL);
$link = mysqli_connect('localhost', 'root', '', 'test');

$diff = -microtime(1);
mysqli_query($link, "SELECT * FROM test WHERE data = '" . mysqli_real_escape_string($link, $data) . "';");
$diff += microtime(1);
echo "<br>Простой запрос: $diff сек.";

$diff = -microtime(1);
$stmt = mysqli_prepare($link, "SELECT * FROM test WHERE data = ?;");
mysqli_stmt_bind_param($stmt, 's', $data);
mysqli_stmt_execute($stmt);
$diff += microtime(1);
echo "<br>Подготовленные запрос: $diff сек.";

?>