My question is: is it faster to do an operation for every item in an array even if it doesn't require it or to check if it requires it first.
Example: I have a loop that is set up like this [metacode]
foreach($array as $varkey => $varvalue){
if(!is_array($varkey)) $varvalue = mysql_real_escape_string($varvalue);
}
One of my coworkers believes that we should only use the mysql_real_escape_string function is the $varvalue has an apostrophe in it. That would require the use of a strstr()
or preg_match()
to see if an apostrophe was present before using mysql_real_escape_string, like so:
foreach($array as $varkey => $varvalue){
if(!is_array($varkey)){
if(strstr("'", $varvalue) $varvalue = mysql_real_escape_string($varvalue);
}
}
Is there any speed/security advantage with going one or the other?
*ps. I know we should probably be using prepared statements with PDO or mysqli_. That's another conversation we need to have internally on another day.*