[isf-wifidog] MySQL support - shouldn't we skip it?

François Proulx fproulx at edito.qc.ca
Sam 21 Jan 01:37:11 EST 2006 

I'm OK, as long as you don't use highly specific non-SQL99 / SQL2003  
commands. Can anybody confirm that the new PHP PDO supports BLOB  
encapsulation for Postgresql ? And I don't mean BYTEA fields, I'm  
referring to OID-based BLOBs. We'd have to modify some SQL generation  
logic for using PDO's prepared statements, but that should be trivial  
in most cases, althought since its critical and it has to be done  
carefully ...

I'm all for not taking care of MySQL too much, but with MySQL 5.0  
plenty of things have changed ... it will be more and more trivial to  
support it I guess. For 1.0, let's forget it. But moving to PHP PDO  
is always a good thing, if only for preventing SQL Injection with  
prepared statements. I haven't analyzed all our code , but just  
escaped strings might not be enough... ie. $user_id="0; DELETE FROM  
users" ....  "SELECT * FROM users WHERE user_id = {$user_id};"    So,  
we might be vulnerable where we use integers fields. PDO's prepared  
statement take care of this by escaping semi-colons, adding single  
quotes on integer fields etc...

On 20-Jan-2006, at 19:35 , Max Horváth wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi everybody ...
>
> before we'll release WiFiDog 1.0 I think that we should decide  
> whether to support MySQL or not.
>
> In my opinion we should skip the support and concentrate on  
> PostgreSQL ... I mean - we can't release a WiFiDog 1.0 release with  
> broken MySQL support, right? ;)
>
> For more than one year there hasn't been found a maintainer for  
> MySQL. And it never really worked.
>
> I think it be much better to skip support and to add some advanced  
> techniques that can only be done in PostgreSQL and that would speed  
> up WiFiDog.
>
> What's your opinion?
>
> Cheers, Max!
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (Darwin)
>
> iD8DBQFD0YG/+BKgC+eQ3ooRApDWAJ9rRByrgtKo9TfUEFE5ppEUivvA3ACgkz/W
> ZsJDOKMHPqvUq9pTtvP+4F0=
> =TUXV
> -----END PGP SIGNATURE-----
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog

More information about the WiFiDog mailing list