Is this function good? [closed]

All my website functions are like the one I will paste below. I wanted to ask: does this function have any possible bug? Will this function make the server load hard? Can you suggest anything better for my website? There are a lot of pageviews on my website, so I need to get my data without loading my server hard.

The code (this is used to get the single posts):

function single($id = '') {
    $id = mysql_real_escape_string($id);
    $sql = 'SELECT id,post_title,post_date,post_content FROM wp_posts WHERE id='.$_GET['id'].'  LIMIT 1';
    $res = mysql_query($sql) or die (mysql_error());

    if (mysql_num_rows($res) != 0):
        while ($row = mysql_fetch_assoc($res)) {

            // this filters the content from the database
            $mycontent = $row['post_content'];
            $mycontent = strip_tags($mycontent);
            $mycontent = preg_replace("/\[caption.*\[\/caption\]/", '', $mycontent);
            $mycontent = htmlentities($mycontent);

            // this makes it possible to show special characters in the title
            $title = $row['post_title'];
            $title = htmlentities($title);

            // date format
            $old_date = $row['post_date'];
            $old_date_timestamp = strtotime($old_date);
            $new_date = date('d.m.Y   H:i', $old_date_timestamp);

            // get first post image
            $first_img = '';
            ob_start();
            ob_end_clean();
            $my1content = $row['post_content'];
            $output = preg_match_all('/<img.+src=[\'"]([^\'"]+)[\'"].*>/i', $my1content, $matches);
            $first_img = $matches[1][0];
            if (empty($first_img)) { // defines a default image
                $first_img = "/img/default.png";
            }

            echo '
        <div class="single-header">
        <div class="single-title">'.$title.'</div>  
        <div class="single-tr"> '.$new_date.'</div> 
        </div><!-- single header -->
        <div class="single-print"></div><!-- print -->
        <div class="single-content">
        <div class="single-img">
        <img src="timthumb.php?src='.$first_img.'&amp;h=223&amp;w=395&amp;zc=1" alt="" />
        </div>
        <div class="single-text">'.$mycontent.' </div>
        </div> <!-- content -->
    '; // echo
        }
    else:
        echo 'Dont exist';
    endif;
} // end

This is very important for me, please check it; any kind of help will be just great.

Thank you a lot for reading this thread.

  1. Security: you are mysql-real-escaping the $id from the function call, but including $_GET['id'] into the query…
  2. There is nothing between ob_start(); and ob_end_clean();, so it's useless.
  3. I would make some minor changes just for readability:

// e.g. instead
$title = $row['post_title'];
$title = htmlentities($title);
// do
$title = htmlentities($row['post_title']);

EDIT:

As this seems to be a function for WordPress, you may use the wpdb-class instead of using mysql-functions directly.
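
The first point of the answer above, as an added example that is not part of the original answer: the question's concatenated query beside a version that validates the id and binds it as a typed parameter. It assumes PDO with an in-memory SQLite table and constructed rows as a stand-in for the WordPress database; the function names single_concat and single_bound are hypothetical.

```php
<?php
// Constructed sample data in an in-memory SQLite database (stand-in for wp_posts).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wp_posts (id INTEGER PRIMARY KEY, post_title TEXT, post_content TEXT)');
$db->exec("INSERT INTO wp_posts VALUES (1, 'Public post', 'hello'), (2, 'Draft <b>post</b>', 'not linked anywhere')");

// Pattern from the question: the request value is concatenated into the SQL text.
// Escaping would not help here even if it were applied to the right variable,
// because the value sits in an unquoted numeric position.
function single_concat(PDO $db, $rawId) {
    $sql = 'SELECT id, post_title FROM wp_posts WHERE id=' . $rawId . ' LIMIT 1';
    return $db->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// Hardened: validate as a positive integer, then bind it as a typed parameter.
function single_bound(PDO $db, $rawId) {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false; // reject anything that is not a plain positive integer
    }
    $stmt = $db->prepare('SELECT id, post_title FROM wp_posts WHERE id = :id LIMIT 1');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Constructed request values: one ordinary id, one carrying extra SQL.
foreach (['1', '999 OR id=2'] as $input) {
    $a = single_concat($db, $input);
    $b = single_bound($db, $input);
    // Titles are HTML-escaped on output, as the question does with htmlentities().
    printf("%-12s concat: %-18s bound: %s\n", $input,
        $a ? htmlspecialchars($a['post_title'], ENT_QUOTES, 'UTF-8') : '(none)',
        $b ? htmlspecialchars($b['post_title'], ENT_QUOTES, 'UTF-8') : '(none)');
}
```

In WordPress itself the equivalent is `$wpdb->prepare()` with a `%d` placeholder, which is where the EDIT above points.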