#1
    Contributing User
    Devshed Newbie (0 - 499 posts)
    Join Date: Dec 2012 | Posts: 165 | Rep Power: 18

    Can we sticky the deprecation of mysql EXT?


    Could we make a sticky for the deprecation of the mysql extension to avoid confusion?

    I was not aware of the deprecation of the extension until being advised by some senior members here and seeing other posts shows that many others are also unaware of these changes.
#2
    Transforming Moderator
    Devshed Supreme Being (6500+ posts)
    Join Date: Mar 2007 | Location: Washington, USA | Posts: 14,143 | Rep Power: 9398

    I've already asked someone to write a sticky on the subject, like what's wrong with mysql and how to switch to PDO/mysqli, but if anyone else would like to write something then we can definitely pin it up there.
#3
    --
    Devshed Expert (3500 - 3999 posts)
    Join Date: Jul 2012 | Posts: 3,959 | Rep Power: 1014

    Hi,

    I'm working on a list of "5 common security sins", which includes an explanation of SQL injections and how to avoid them with prepared statements using either PDO or MySQLi. I do mention mysql_real_escape_string() as a workaround for big legacy projects, however.

    I think a complete list makes more sense than just addressing a particular aspect of insecure code. Whenever you see certain bad practices, you can then simply link to the corresponding "chapters" instead of explaining the same stuff over and over again (why mysql_... is bad, why you must use htmlentities() etc.)

    The content is as follows:
    1. Don't insert raw values into query strings (SQL injections)
    2. Don't insert raw values into HTML markup (XSS)
    3. Don't display internal error messages
    4. Don't rely on MD5/SHA-2/... for password hashing (and don't store plaintext passwords, of course)
    5. Don't allow users to change data solely based on their login status (CSRF)

    Comments on this post

    • requinix agrees : sounds good
    • portcitysoftwar agrees
    • sir_drinxalot agrees : keen to read it
    • Northie agrees
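    As an added illustration of the migration this thread is about (not code from any poster): a legacy mysql_* lookup that splices a request value into the SQL string, next to the same lookup written with PDO prepared statements, with the error handling and output escaping from items 2 and 3 of the list above. The table, column, DSN and credentials are assumed.

```php
<?php
// Added example, legacy pattern from the deprecated mysql extension:
// $_GET['id'] is pasted into the SQL text, so the request controls the
// statement's structure (item 1: raw values in query strings).
function legacyLookup($link)
{
    $id  = $_GET['id'];
    $res = mysql_query("SELECT name FROM users WHERE id = '$id'", $link);
    return mysql_fetch_assoc($res);
}

// The same lookup with PDO. The value is sent separately from the SQL
// text, so it can only ever be data, never part of the statement.
function pdoConnect(): PDO
{
    return new PDO(
        'mysql:host=localhost;dbname=app;charset=utf8mb4', // assumed DSN
        'app_user', 'app_password',                         // assumed credentials
        [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // fail loudly, not silently
            PDO::ATTR_EMULATE_PREPARES   => false,                  // real server-side prepares
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]
    );
}

function pdoLookup(PDO $pdo, string $id): ?array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Usage: keep the internal error message out of the response (item 3)
// and escape the value before it lands in HTML markup (item 2).
try {
    $row = pdoLookup(pdoConnect(), $_GET['id'] ?? '');
    echo $row ? htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') : 'not found';
} catch (PDOException $e) {
    error_log($e->getMessage());   // details go to the server log only
    echo 'Something went wrong.';  // generic message for the user
}
```

    The mysqli extension offers the same prepare/bind/execute pattern, so the PDO half translates directly if the project already uses mysqli.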
#4
    Mad Scientist
    Devshed Expert (3500 - 3999 posts)
    Join Date: Oct 2007 | Location: North Yorkshire, UK | Posts: 3,661 | Rep Power: 4123

    There's a link in my sig to an article that I think gives a good overview for beginners and the "copy and paste" (ahem) 'developers'.
    I said I didn't like ORM!!! <?php $this->model->update($this->request->resources[0])->set($this->request->getData())->getData('count'); ?>

    PDO vs mysql_* functions: Find a Migration Guide Here

    [ Xeneco - T'interweb Development ] - [ Are you a Help Vampire? ] - [ Read The manual! ] - [ W3 methods - GET, POST, etc ] - [ Web Design Hell ]
