php mysql max() question

Tony E - Jaraeth jaraeth at phoenixwing.com
Mon Apr 13 08:00:43 MST 2009


That may be the beauty of Open Source, but when you're trying to 
minimize security risks, adding on another layer of possible security 
failure is just that... another security hole needing patching.  It's 
like having 3 bank robbers, then adding a 4th and saying "it's only one 
more robber... they can't possibly do any more harm than having only 
three". 

However, if you like it, then that's cool.  I personally don't like 
frameworks either.  I have enough issues with OS' not being fast w/ 
security fixes.  Apache, PHP, MySQL, OpenSSH, my own PHP code, phpBB, 
Gallery, and a few other things... add in a framework, and I'd be in for 
a world of hurt.  One thing does come to mind when you mentioned 
frameworks... one for which I have a rather livid hatred... 
SmartyPHP.  Smarty is one of the worst pieces of crap I have ever seen, 
and I have to use it for a particular application, "because that is what 
the developer used, and I *have* to use that app."

If you want secure code, do it yourself, unless you don't mind putting 
blind faith in a 3rd party app.  Sometimes I do, which is why I use 
phpBB and the like.   I sure as heck am not building my own forum software.

Ciao,

  Tony E
  "Raptus regaliter"
  jaraeth at phoenixwing.com
  http://www.phoenixwing.com/



Eric Cope wrote:
> Isn't that the beauty of open source, you can fix it as you wish?
> You trust PHP, the web server, the database, and any other software to 
> be secure, why draw the line between those pieces of software and 
> frameworks?
>
> I see it as one more layer to secure, but the beauty of frameworks is 
> that there are that many more eyes poring over the code and testing it...
>
> thoughts?
>
> On Sun, Apr 12, 2009 at 9:13 PM, Kenny Pepiton <phoenixplug at kennysplace.com> wrote:
>
>     I myself don't trust PHP frameworks for the simple reason of
>     understanding the code that goes into my site as well as understanding
>     the security vulnerabilities that my own code creates.  I am not very
>     fond of not knowing where my code vulnerabilities lie and waiting
>     patiently for a fix in the framework to keep my sites securely coded.
>
>     Kenny
>
>
>     Eric Cope wrote:
>     > Use a PHP framework like CakePHP or CodeIgniter and life is much better...
>     >
>     >
>     > On Sun, Apr 12, 2009 at 7:47 PM, Craig White <craigwhite at azapple.com> wrote:
>     >
>     >     On Sun, 2009-04-12 at 15:13 -0700, A. W. Wright wrote:
>     >     > Craig White wrote:
>     >     > > just want the max of an integer field ultimately into a variable.
>     >     > >
>     >     > > <?php
>     >     > >   $MaxSalesOrders = 'SELECT MAX(orderno) FROM salesorders;';
>     >     > >   mysql_connect("$HOST", "$USER", "$PASSWD");
>     >     > >   mysql_select_db("lighting_unlimited");
>     >     > >   $MaxSalesOrdersResult = mysql_query($MaxSalesOrders);
>     >     > >   mysql_close();
>     >     > >   echo var_dump($MaxSalesOrdersResult) . " - " .
>     >     > >    $MaxSalesOrdersResult;
>     >     > > ?>
>     >     > >
>     >     > > seems pretty straight forward. In mysqlclient, the answer is of course
>     >     > > returned - perhaps as a row, I'm never quite sure.
>     >     > >
>     >     > > The code above returns the following in a browser...
>     >     > >
>     >     > > resource(6) of type (mysql result) - Resource id #6
>     >     > >
>     >     > > and I've been trying all sorts of things 'SELECT AS...' and Googled for
>     >     > > several hours and I'm sort of convinced that what is being returned from
>     >     > > the sql query is neither an array, nor string and has to be converted
>     >     > > into a variable that is useful to me.
>     >     > >
>     >     > > Anyone know how to do this (i.e. without pear-db)?
>     >     > >
>     >     > > Craig
>     >     > >
>     >     > mysql_query (and mysqli_query) doesn't actually give you the result,
>     >     > just a pointer to it. Use the mysql_fetch_assoc (returned array indexed
>     >     > by column name) or mysql_fetch_row (indexed by column order) function to
>     >     > get that, and see http://us2.php.net/mysql_query for more information.
>     >     ----
>     >     yeah that was it. I was sort of looking at that, trying to decipher the
>     >     api of the software I was working on and then creating my own
>     >     connections out of the program so I could test bits of code. I'm easily
>     >     confused I guess.  ;-)
>     >
>     >     One thing is certain, I have been spoiled by ruby on rails and php just
>     >     seems so crude and ugly now.
>     >
>     >     Thanks
>     >
>     >     Craig
>     >
>     >
>     >     ---------------------------------------------------
>     >     PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>     >     To subscribe, unsubscribe, or to change your mail settings:
>     >     http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

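The fetch step described in the quoted thread, as an added example that is not part of any poster's message: the `mysql_*` functions used there were removed in PHP 7, so this uses PDO, and an in-memory SQLite database (an assumption, so the script runs offline) with constructed sample rows. The function name `maxOrderNo` is hypothetical; the table and column names come from the thread.

```php
<?php
// Added example: PDO stands in for the removed mysql_* API. For MySQL only
// the DSN and credentials passed to the PDO constructor change.

function maxOrderNo(PDO $db): ?int
{
    // query() returns a PDOStatement, a handle to the result set. It is the
    // counterpart of the "Resource id #6" printed in the thread, not the value.
    $stmt = $db->query('SELECT MAX(orderno) FROM salesorders');

    // fetchColumn() pulls the first column of the first row.
    $value = $stmt->fetchColumn();

    // MAX() over an empty table yields a single row holding NULL;
    // false would mean no row at all.
    if ($value === null || $value === false) {
        return null;
    }

    // Drivers may hand numbers back as strings, so cast explicitly.
    return (int) $value;
}

$db = new PDO('sqlite::memory:');
// Raise exceptions on SQL errors instead of failing silently.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample schema.
$db->exec('CREATE TABLE salesorders (orderno INTEGER PRIMARY KEY, customer TEXT)');

// Empty table: the caller has to cope with "no orders yet".
var_dump(maxOrderNo($db));

// Constructed sample rows, inserted through a prepared statement.
$insert = $db->prepare('INSERT INTO salesorders (orderno, customer) VALUES (?, ?)');
foreach ([[1001, 'a'], [1007, 'b'], [1003, 'c']] as $row) {
    $insert->execute($row);
}

// Populated table: the scalar, ready to assign to a variable.
var_dump(maxOrderNo($db));
```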
