Kris Craig wrote:
There is something really important I'd also like to stress: In UPGRADING, as well as any other literature we release designed to help people with this transition, we should not simply focus on porting ext/mysql code to mysqli. We should emphasize the use of prepared statements and fully integrate that into any tutorials we put out there. There are too many PHP devs out there who don't even know what prepared statements are and their ported mysqli code will reflect this if we're too lax on this point. Rasmus is right about asynchronous queries and other features being really helpful as well, but I think prepared statements stand apart because they prevent what is currently one of the most common security vulnerabilities on the web today.
This also sidesteps the status of PDO and highlights why we need to re-assess that as well. PDO was supposed to replace all database drivers with a common framework, but aspects being extolled for mysqli also apply to other engines for which PDO becomes a straitjacket? The proliferation of libraries either still using generic drivers or providing a poor abstraction layer because of the limits of PDO would be served better by not simply replacing mysql by mysqli in some examples. ADOdb still provides an ideal base on which switching from one driver to another simply works, even using PDO as an alternative to the generic driver, where mysql to mysqli is just a matter of switching the driver name.
--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk

--
PHP Internals - PHP Runtime Development Mailing List
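
The difference between a mechanical ext/mysql to mysqli port and a port that uses prepared statements, as an added example that is not part of either message in this thread. The `users` table, its columns, the function names and the `DB_*` environment variables are assumptions; running it needs a reachable MySQL server.

```php
<?php
// Added illustration; the `users` table, its columns and the DB_* environment
// variables are assumptions, not taken from the thread.

// Legacy ext/mysql style (the extension was removed in PHP 7), kept as a comment:
//   $res = mysql_query("SELECT id, email FROM users WHERE name = '" . $_GET['name'] . "'");

// Mechanical port: only the API changes, the query is still built by string
// concatenation, so the input is parsed as part of the SQL text.
function find_user_ported(mysqli $db, string $name): array
{
    $sql = "SELECT id, email FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetch_all(MYSQLI_ASSOC);
}

// Port using a prepared statement: the SQL text is fixed and the value is sent
// separately as a bound parameter, so it is never parsed as SQL.
function find_user_prepared(mysqli $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, email FROM users WHERE name = ?');
    $stmt->bind_param('s', $name);   // 's' = bind as string
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // get_result() needs mysqlnd
    $stmt->close();
    return $rows;
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of returning false
$db = new mysqli(
    getenv('DB_HOST') ?: 'localhost',
    getenv('DB_USER') ?: null,
    getenv('DB_PASS') ?: null,
    getenv('DB_NAME') ?: null
);
$db->set_charset('utf8mb4');

$input = "nobody' OR '1'='1";  // constructed sample input
printf("ported:   %d row(s)\n", count(find_user_ported($db, $input)));
printf("prepared: %d row(s)\n", count(find_user_prepared($db, $input)));
```

With this input the ported function's `WHERE` clause is true for every row, while the prepared version only matches a user whose name is literally that string.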