php mysql max() question

Eric Cope eric.cope at gmail.com
Sun Apr 12 21:50:38 MST 2009


Isn't that the beauty of open source, you can fix it as you wish?
You trust PHP, the web server, the database, and any other software to be
secure, why draw the line between those pieces of software and frameworks?

I see it as one more layer to secure, but the beauty of frameworks is that
there are that many more eyes poring over the code and testing it...

thoughts?

On Sun, Apr 12, 2009 at 9:13 PM, Kenny Pepiton
<phoenixplug at kennysplace.com> wrote:

> I myself don't trust PHP frameworks for the simple reason of
> understanding the code that goes into my site as well as understanding
> the security vulnerabilities that my own code creates.  I am not very
> fond of not knowing where my code vulnerabilities lie and waiting
> patiently for a fix in the framework to keep my sites securely coded.
>
> Kenny
>
>
> Eric Cope wrote:
> > Use a PHP framework like CakePHP or CodeIgniter and life is much better...
> >
> >
> > On Sun, Apr 12, 2009 at 7:47 PM, Craig White <craigwhite at azapple.com> wrote:
> >
> >     On Sun, 2009-04-12 at 15:13 -0700, A. W. Wright wrote:
> >     > Craig White wrote:
> >     > > just want the max of an integer field ultimately into a variable.
> >     > >
> >     > > <?php
> >     > >   $MaxSalesOrders = 'SELECT MAX(orderno) FROM salesorders;';
> >     > >   mysql_connect("$HOST", "$USER", "$PASSWD");
> >     > >   mysql_select_db("lighting_unlimited");
> >     > >   $MaxSalesOrdersResult = mysql_query($MaxSalesOrders);
> >     > >   mysql_close();
> >     > >   echo var_dump($MaxSalesOrdersResult) . " - " . \
> >     > >    $MaxSalesOrdersResult;
> >     > > ?>
> >     > >
> >     > > seems pretty straightforward. In mysqlclient, the answer is of course
> >     > > returned - perhaps as a row, I'm never quite sure.
> >     > >
> >     > > The code above returns the following in a browser...
> >     > >
> >     > > resource(6) of type (mysql result) - Resource id #6
> >     > >
> >     > > and I've been trying all sorts of things 'SELECT AS...' and Googled for
> >     > > several hours and I'm sort of convinced that what is being returned from
> >     > > the sql query is neither an array, nor string and has to be converted
> >     > > into a variable that is useful to me.
> >     > >
> >     > > Anyone know how to do this (i.e. without pear-db)?
> >     > >
> >     > > Craig
> >     > >
> >     > mysql_query (and mysqli_query) doesn't actually give you the result,
> >     > just a pointer to it. Use the mysql_fetch_assoc (returned array indexed
> >     > by column name) or mysql_fetch_row (indexed by column order) function to
> >     > get that, and see http://us2.php.net/mysql_query for more information.
> >     ----
> >     yeah that was it. I was sort of looking at that, trying to decipher the
> >     api of the software I was working on and then creating my own
> >     connections out of the program so I could test bits of code. I'm easily
> >     confused I guess.  ;-)
> >
> >     One thing is certain, I have been spoiled by ruby on rails and php just
> >     seems so crude and ugly now.
> >
> >     Thanks
> >
> >     Craig
> >
> >
> >     ---------------------------------------------------
> >     PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> >     To subscribe, unsubscribe, or to change your mail settings:
> >     http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
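
The point made in the quoted answer (the query call hands back a result handle, and the value has to be fetched from it) is shown below as an added example; it is not code from any poster in this thread. It uses PDO rather than the `mysql_*` functions, which were removed in PHP 7.0. Assumptions: an in-memory SQLite database stands in for the MySQL server so the script runs offline, and `open_demo_db()` and `max_order_no()` are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Assumption: SQLite in memory replaces the MySQL server from the thread.
// Against MySQL only the DSN changes (mysql:host=...;dbname=...).
function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    // Throw on SQL errors instead of returning false silently.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE salesorders (orderno INTEGER NOT NULL)');
    return $db;
}

// Returns the highest order number, or null when the table is empty.
function max_order_no(PDO $db): ?int
{
    // query() returns a statement handle, the counterpart of the
    // "Resource id #6" in the question. It is not the value itself.
    $stmt = $db->query('SELECT MAX(orderno) FROM salesorders');

    // fetchColumn() pulls the first column of the next row.
    $value = $stmt->fetchColumn();

    // MAX() over an empty table still yields one row holding SQL NULL;
    // false would mean there was no row at all.
    if ($value === null || $value === false) {
        return null;
    }
    return (int) $value;
}

$db = open_demo_db();
var_dump(max_order_no($db));            // empty table

// Constructed sample rows, inserted through a prepared statement.
$insert = $db->prepare('INSERT INTO salesorders (orderno) VALUES (?)');
foreach ([1001, 1007, 1003] as $orderNo) {
    $insert->execute([$orderNo]);
}
var_dump(max_order_no($db));            // populated table
```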