All very interesting indeed
but where's the abuse?
Or at least a picture of some tits? (cue the hysterical pictures of parus major)
Reply to: Why is the DB on this forum so dodgy?
Previously on "Why is the DB on this forum so dodgy?"
-
Yeah the mysqli extension does that using recent mysql client libs. Only problem is that 90% of crappy php web hosts don't use it.
mysql_escape_string IS safe. I've read the source code!
-
Originally posted by bogeyman: Do you mean that strings should never be passed through, and the query should be abstracted from the actual SQL call - if so, I entirely agree.
To illustrate...
If an app needs to return a record for an Engineering Part, let's say, then the app should provide a GetPartRecordByNo(string partNo) method.
Rather than GetWhateverIWant("SELECT * FROM TABLE_PARTS");
It's only right!
Code:
// Bind partNo as a parameter; the driver never parses it as SQL text
PreparedStatement stmt = connection.prepareStatement("select * from table_parts where partNo = ?");
stmt.setString(1, partNo);
stmt.execute();
-
Originally posted by TheMonkey: I use PHP quite regularly. My code DOES escape strings, but safely:
Code:
/**
 * Login and set cookie etc.
 */
function security_login($email_address, $password, $remember_me)
{
    $sql = sprintf("SELECT user_id FROM user WHERE email_address = '%s' AND password = MD5('%s');",
        mysql_escape_string($email_address),
        mysql_escape_string($password));
    print_r($this->database->querySingleRow($sql));
}
-
I use PHP quite regularly. My code DOES escape strings, but safely:
Code:
/**
 * Login and set cookie etc.
 */
function security_login($email_address, $password, $remember_me)
{
    $sql = sprintf("SELECT user_id FROM user WHERE email_address = '%s' AND password = MD5('%s');",
        mysql_escape_string($email_address),
        mysql_escape_string($password));
    print_r($this->database->querySingleRow($sql));
}
-
Originally posted by Cowboy Bob: I've yet to meet any other sort. Just look here - http://thedailywtf.com/forums/thread/87226.aspx - where they're all banging on about using escaped strings to pass into SQL statements. And these guys nearly all seem to think they're experts.
(If you have to question why escaping strings is bad, put yourself into the aforementioned category).
To illustrate...
If an app needs to return a record for an Engineering Part, let's say, then the app should provide a GetPartRecordByNo(string partNo) method.
Rather than GetWhateverIWant("SELECT * FROM TABLE_PARTS");
It's only right!
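A worked example of the point made in this post and in the PreparedStatement reply above (put the query behind a method such as GetPartRecordByNo and bind the value, rather than pasting escaped strings into SQL text). This is an added example, not code from the thread: it uses Python's sqlite3 module on a constructed in-memory table, so the table layout, the column names and the escape_string helper are assumptions standing in for the posters' MySQL schema and mysql_escape_string. It also shows the limit of the escaping approach argued about in the thread: quote-doubling protects a value placed inside a quoted string literal, but does nothing for a value placed in an unquoted numeric position, whereas a bound parameter is never parsed as SQL in either position.

```python
import sqlite3

# Constructed sample rows standing in for the thread's "table_parts"
# (assumption: the real schema is not on the page).
PARTS = [(1, "P-100", "bracket"), (2, "P-200", "gasket")]


def make_db():
    """In-memory SQLite database holding the constructed parts table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE table_parts ("
        "part_id INTEGER PRIMARY KEY, partNo TEXT, description TEXT)"
    )
    conn.executemany("INSERT INTO table_parts VALUES (?, ?, ?)", PARTS)
    return conn


def escape_string(value):
    """Quote-doubling escape for a single-quoted SQL string literal.

    Hypothetical stand-in for mysql_escape_string(); it is only meaningful
    when the result is placed between '...' in the query text.
    """
    return str(value).replace("'", "''")


def get_part_by_no_escaped(conn, part_no):
    """String-built query protected only by escaping (the contested pattern).

    The value lands inside a quoted literal, so doubling quotes keeps it a
    single string and the lookup behaves.
    """
    sql = ("SELECT part_id, partNo FROM table_parts WHERE partNo = '%s'"
           % escape_string(part_no))
    return conn.execute(sql).fetchall()


def get_part_by_id_escaped(conn, part_id):
    """Same escaping applied to an unquoted numeric position.

    There is no quote for the escaper to neutralise, so whatever the caller
    passes is spliced into the statement verbatim.
    """
    sql = ("SELECT part_id, partNo FROM table_parts WHERE part_id = %s"
           % escape_string(part_id))
    return conn.execute(sql).fetchall()


def get_part_record_by_no(conn, part_no):
    """Parameterised lookup (the GetPartRecordByNo shape from the thread).

    The driver binds the value; the SQL text is fixed at author time.
    """
    sql = "SELECT part_id, partNo FROM table_parts WHERE partNo = ?"
    return conn.execute(sql, (part_no,)).fetchall()


def get_part_record_by_id(conn, part_id):
    """Parameterised lookup on the numeric key; same guarantee, any context."""
    sql = "SELECT part_id, partNo FROM table_parts WHERE part_id = ?"
    return conn.execute(sql, (part_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Legitimate lookups behave identically under both approaches.
    print(get_part_by_no_escaped(db, "P-100"))      # [(1, 'P-100')]
    print(get_part_record_by_no(db, "P-100"))       # [(1, 'P-100')]
    # Malformed input in a numeric position: escaping cannot help, binding does.
    bad = "1 OR 1=1"
    print(get_part_by_id_escaped(db, bad))          # every row: the text became SQL
    print(get_part_record_by_id(db, bad))           # []: bound as data, matches nothing
```

The review check a practitioner takes from this: an escaping helper is only as good as the quoting context it was written for, so a code base that relies on it has to be audited query by query, whereas a repository method that binds its parameters is correct regardless of where the value lands in the statement.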
-
Originally posted by TheMonkey: crappy PHP developers
(If you have to question why escaping strings is bad, put yourself into the aforementioned category).
-
Let's help people understand MySQL a little better and jump to its defense a little...
- It has referential integrity.
- It has programmable constraints
- It has stored procedures
- It has views.
- It has replication.
- It has a tiered security architecture.
- It has full text indexing that works REALLY well.
- It does ANSI SQL.
- It is extremely fast.
- It runs on more platforms than any other RDBMS.
- It has decent development tools.
- It is cheap as in £0
- It is easy to install and use.
- It has a clustering facility.
- It has good documentation.
- It has .Net providers, JDBC providers, ODBC providers and modules for almost every scripting language on the planet.
99% of MySQL's problems are the crappy PHP developers who insist on backwards compatibility with version 4.1 and below.
Last edited by TheMonkey; 23 August 2006, 15:50.
-
Originally posted by ferret: Apologies if the forum outages caused you to do any work, we know this is inexcusable and we will be working hard to make sure you are not distracted by work again in the future.
One small thing, Mr Ferret: the emoticons seem to render every time when you get to the reply/add new post page.
Any chance of caching them because until they've rendered, the Toolbar buttons seem to create a JavaScript error if you click on them prematurely?
-
Originally posted by Cowboy Bob: Only a finer point??? I'd argue that this is the cause of many a forum crash due to keys getting out of step with different PHP scripts updating the same tables. Just a hunch...
EDIT: Notice that the breadcrumbs on the top of the forum throw errors right now? I'd lay money on that being some sort of PK clash.
I do, however, agree that it would be nice if MySQL had a coherent RI implementation.
-
Originally posted by bogeyman: (maybe because it skips on some of the finer points, like referential integrity checking)
EDIT: Notice that the breadcrumbs on the top of the forum throw errors right now? I'd lay money on that being some sort of PK clash.
Last edited by Cowboy Bob; 23 August 2006, 12:57.
-
Originally posted by DimPrawn: Obviously not seeing the number of outages on this site. Not exactly high throughput is it? A few posts a minute.
MySQL is generally regarded as fairly high throughput (maybe because it skips on some of the finer points, like referential integrity checking).
You can't blame the DB for being on a crap underpowered server.