Why is SELECT * table_name; is considered harmful?

0 votes
Sep 20 in Database by Manvith
• 120 points
28 views

2 answers to this question.

0 votes
SELECT * table_name;

returns all the data stored in that table. This leads to performance issues. Suppose you have a table with 10 rows and 10 columns and you want to get the data of one column (10 entries), in this case, you fetch only that particular column, you have to process only 10 entries but if you use select *, you have to process 10*10 = 100 columns. This drastically affects performance. 

Now think of a situation where you have a website and you are displaying the contents of a particular table on the website. Suppose there are confidential and non-confidential data and you only want to display the non-confidential data on the website. In this case, if you use select * and send all the data to the website and then filter what data to display, this might lead to vulnerabilities where a hacker can steal the confidential data. 

answered Sep 23 by Tina
0 votes

Hi. Adding to @Tina's answer, there is one more situation in which using select * can crash the system. Consider you have two tables and both these tables have a column of the exact same name. In this case, if you are using both the columns of the same name without using proper alias names, this might confuse the system and lead to a crash.

answered Sep 23 by Raghu

Related Questions In Database

0 votes
1 answer

Why is SELECT * considered harmful?

If you add fields to the table, ...READ MORE

answered Sep 27 in Database by Omaiz
• 560 points
30 views
0 votes
1 answer

Why is MongoDB preferred?

MongoDB is considered to be best NoSQL ...READ MORE

answered Jul 24, 2018 in Database by shams
• 3,580 points
42 views
0 votes
1 answer

Why is not preferable to use mysql_* functions in PHP?

The reasons are as follows: The MySQL extension: Does ...READ MORE

answered Sep 7, 2018 in Database by DataKing99
• 8,130 points
54 views
0 votes
1 answer

What is the syntax of SELECT statement?

This statement is used to select data ...READ MORE

answered Nov 27, 2018 in Database by darklord
• 6,170 points
37 views
0 votes
1 answer

How to connect Java program to the MySQL database?

You can connect your Java code with ...READ MORE

answered May 11, 2018 in Java by parth295
• 4,640 points
197 views
0 votes
1 answer

Difference between single and double quotes in SQL

Single quotes are used to indicate the ...READ MORE

answered Sep 11, 2018 in Database by CodingByHeart77
• 3,690 points
88 views
0 votes
1 answer

Can different databases use different name quotes?

This use of quotes is called delimited ...READ MORE

answered Sep 11, 2018 in Database by CodingByHeart77
• 3,690 points
35 views
0 votes
1 answer

Write a SQL query to find the names of employees that begin with ‘S’

To display the name of the employees ...READ MORE

answered Sep 26, 2018 in Database by darklord
• 6,170 points
46 views
0 votes
1 answer

Is SELECT * harmful in Database?

There are really three major reasons: Inefficiency in ...READ MORE

answered Sep 7, 2018 in Database by DataKing99
• 8,130 points
47 views
0 votes
1 answer

What is SELECT DISTINCT statement

This statement is used to return only ...READ MORE

answered Nov 21, 2018 in Database by darklord
• 6,170 points
41 views