

Explained: The MySQL query that powers Correlated - jawns
http://coding.pressbin.com/88/How-my-new-site-Correlated-works/

======
jemka
The background of the correlated website (<http://www.correlated.org/>) just
gave me a seizure. I wonder how many people that had seizures also like sushi.

------
tayl0r
You should use bind variables instead of directly inserting php variables in
your SQL. You're just opening yourself up for SQL injection. >> WHERE poll_id
!= '$poll_id'

~~~
jawns
The post explicitly notes that the query, as presented, is not necessarily
secure and is merely meant to give the reader the gist of what's going on.

However, in Correlated's case, it's not really an issue, because SQL injection
is only a problem when $poll_id is a user input. But this particular query is
only run by a user-inaccessible script.

------
tayl0r
Looking at that SQL reminds me how much better Oracle & MS SQL Server are at
doing queries like that (thanks to analytic functions). You could get that
table access down to 1 single index scan, instead of 4+.

MySQL and Postgres are fine at OLTP but when you get into analytics and
reporting, they really show their lack of features.

------
blaines
Nice! I'm not really digging the design (I'm not a neon color person), but
really cool info.

I didn't sign up though because I wanted to login with Twitter. I don't like
creating a million accounts and connecting to twitter would allow you a social
promotion bonus.

