4

It's 2019 and I still see mysql_connect statement in production

Comments
  • 3
    Oh boy.
    It's 2019...I still support php5.4 for some projects (No, they can't be easily migrated up to 7)
    And your worried about mysql_connect 😉

    You can still prevent sqli with mysql_ if you actually data cleanse your inputs instead of just accepting what ever the user shoves in and dropping it directly into a query.
  • 2
    @C0D4 don't get me wrong here, it's not introspective rant, I love PHP, but I will never support thy who don't know what to do or how to it in the first place, i.e. elementary work, people should atleast do one Google search if this method is safe, is this npm package is safe or not
  • 2
    @C0D4 and kudos for supporting PHP 5.4
  • 2
    @nothappy I get it though, anything new being created should avoid the old ways of doing anything.

    As for supporting 5, it's more of a fight between - do I spend the time to upgrade or do I spend the time convincing them to start again with something thought through this time.
  • 0
    Very careful here...

    MySQL returns all datatypes (database) as String (PHP)

    MySQLi casts to appropriate datatype...

    Many people think that this matters only when using (===) but that's not the case...

    it can lead to very nasty bugs :(
Add Comment