[isf-wifidog] MySQL support - shouldn't we skip it?
François Proulx
fproulx at edito.qc.ca
Sam 21 Jan 01:37:11 EST 2006
I'm OK, as long as you don't use highly specific non-SQL99 / SQL2003
commands. Can anybody confirm that the new PHP PDO supports BLOB
encapsulation for Postgresql ? And I don't mean BYTEA fields, I'm
referring to OID-based BLOBs. We'd have to modify some SQL generation
logic for using PDO's prepared statements, but that should be trivial
in most cases, althought since its critical and it has to be done
carefully ...
I'm all for not taking care of MySQL too much, but with MySQL 5.0
plenty of things have changed ... it will be more and more trivial to
support it I guess. For 1.0, let's forget it. But moving to PHP PDO
is always a good thing, if only for preventing SQL Injection with
prepared statements. I haven't analyzed all our code , but just
escaped strings might not be enough... ie. $user_id="0; DELETE FROM
users" .... "SELECT * FROM users WHERE user_id = {$user_id};" So,
we might be vulnerable where we use integers fields. PDO's prepared
statement take care of this by escaping semi-colons, adding single
quotes on integer fields etc...
On 20-Jan-2006, at 19:35 , Max Horváth wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi everybody ...
>
> before we'll release WiFiDog 1.0 I think that we should decide
> whether to support MySQL or not.
>
> In my opinion we should skip the support and concentrate on
> PostgreSQL ... I mean - we can't release a WiFiDog 1.0 release with
> broken MySQL support, right? ;)
>
> For more than one year there hasn't been found a maintainer for
> MySQL. And it never really worked.
>
> I think it be much better to skip support and to add some advanced
> techniques that can only be done in PostgreSQL and that would speed
> up WiFiDog.
>
> What's your opinion?
>
> Cheers, Max!
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (Darwin)
>
> iD8DBQFD0YG/+BKgC+eQ3ooRApDWAJ9rRByrgtKo9TfUEFE5ppEUivvA3ACgkz/W
> ZsJDOKMHPqvUq9pTtvP+4F0=
> =TUXV
> -----END PGP SIGNATURE-----
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
More information about the WiFiDog
mailing list