As many have already suggested, the way you execute the query is vulnerable to SQL injection attacks. Even if the code will "only live for one day", you shouldn't do it the dirty way, when it's ridiculously easy to do so much better, for example:
<?php
// Read the URL from the query string; default to '' if it is absent.
$site = $_GET['url'] ?? '';
try {
    $db = new PDO('mysql:host=localhost;dbname=rocket_newsites;charset=utf8', 'username', 'password');
    // Make PDO throw on SQL errors, so the catch block below actually runs.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // The URL is passed as a bound parameter, never pasted into the SQL text.
    $stmt = $db->prepare("INSERT INTO rocket_newsites.sites (url) VALUES (:url)");
    $stmt->bindValue(':url', $site, PDO::PARAM_STR);
    $stmt->execute();
} catch (PDOException $ex) {
    // Do not echo $ex->getMessage() to the client; it can leak schema details.
    echo "An error occurred!";
}
?>
It's trivially easy to transform your original script into this form, and now this is safe from 1st order SQL injection attacks. (See this post for more details.)
I also removed the id column from the parameter list, because you were setting it to NULL, so it was unnecessary in the first place.
As for the performance, if this script will be called 1000+ times per second, that will be very efficient, but it's hard to do something about that within this script. It's the caller that should change its behavior. Change the caller to buffer the requests, and send multiple URLs at once so you can change this script to use bulk inserting.
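The two points of the answer above, why concatenation is exploitable and how a buffered caller can feed a parameterised bulk insert, side by side in one runnable script. This is an added example, not code from the original answer: it uses an in-memory SQLite database through PDO so it runs offline, the `sites (id, url)` layout mirroring the answer's table is an assumption, and the attacker input is constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example, not the original answer's code. In-memory SQLite via PDO so
// it runs offline; the sites(id, url) layout is assumed from the answer.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sites (id INTEGER PRIMARY KEY AUTOINCREMENT, url TEXT NOT NULL)');

// Constructed attacker input: closes the string literal and the VALUES tuple,
// then opens a second tuple. It needs no stacked query, so it works on any driver.
$payload = "http://example.com'), ('http://attacker.example";

// 1. The pattern the question used: the value is pasted into the SQL text.
function insertUnsafe(PDO $db, string $url): void
{
    $db->exec("INSERT INTO sites (url) VALUES ('" . $url . "')");
}

// 2. Prepared statement: the value travels separately from the SQL text, so
//    the quote and parenthesis inside $url are data, never syntax.
function insertSafe(PDO $db, string $url): void
{
    $stmt = $db->prepare('INSERT INTO sites (url) VALUES (:url)');
    $stmt->bindValue(':url', $url, PDO::PARAM_STR);
    $stmt->execute();
}

// 3. Bulk insert for the buffered caller the answer recommends: one multi-row
//    INSERT per chunk, every value still a bound parameter, wrapped in a
//    transaction so a failed chunk leaves nothing half-written.
function insertBulk(PDO $db, array $urls, int $chunkSize = 500): int
{
    $inserted = 0;
    $db->beginTransaction();
    try {
        foreach (array_chunk($urls, $chunkSize) as $chunk) {
            $placeholders = implode(',', array_fill(0, count($chunk), '(?)'));
            $stmt = $db->prepare("INSERT INTO sites (url) VALUES $placeholders");
            $stmt->execute(array_values($chunk));
            $inserted += $stmt->rowCount();
        }
        $db->commit();
    } catch (PDOException $e) {
        $db->rollBack();
        throw $e;
    }
    return $inserted;
}

function countRows(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM sites')->fetchColumn();
}

// Concatenation: the smuggled tuple becomes a second row for one "URL".
insertUnsafe($db, $payload);
printf("unsafe: %d row(s) from a single request\n", countRows($db));
$db->exec('DELETE FROM sites');

// Prepared statement: exactly one row, holding the payload verbatim as text.
insertSafe($db, $payload);
printf("safe:   %d row(s), stored as: %s\n", countRows($db),
    $db->query('SELECT url FROM sites')->fetchColumn());
$db->exec('DELETE FROM sites');

// Caller side: buffer requests, drop anything that is not a URL, send the batch.
$candidates = ['http://a.example', 'http://b.example', $payload, 'not a url'];
$batch = array_filter($candidates, fn ($u) => filter_var($u, FILTER_VALIDATE_URL) !== false);
printf("bulk:   %d row(s) inserted from %d candidates\n", insertBulk($db, $batch), count($candidates));
```

Swap the DSN for the answer's `mysql:` one to run it against the real table. On MySQL, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the server, not the client, handles the binding; the `charset=utf8` in the DSN is what keeps emulated binding safe when it is left on. The `filter_var` step is input validation, not the injection defence: the binding is what makes the payload harmless, validation only keeps junk out of the table.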