Robert Cummings wrote:
> On Mon, 2007-02-05 at 22:00 +0100, Keryx Web wrote:
>> Eric Gorr wrote:
>>> I haven't tracked this particular issue, but I know when PHP5 was first
>>> released it wasn't recommended in a commercial/production environment.
>>> However, a lot of time has passed and we're at v5.2 now...have things
>>> changed? Have Google & Yahoo, for example, moved to PHP5? Or is PHP4 still
>>> the recommendation for such environments?
>> My two cents: Any modern PHP-app should use prepared statements for
>> efficiency and security. PEAR-DB and some other PHP 4 workable
>> abstraction layers can emulate this, but it's only in PHP 5 you get the
>> real thing, with mysqli or PDO, or a PHP class that's built on top of
>> such an interface.
>>
>> To me, that's the must-have feature of PHP 5 I can't be without. Nor do
>> I think one could call him-/herself professional still doing old school
>> mysql-interface calls to the DBMS.
>
> I sincerely question the competence of someone who advocates a one size
> fits all approach to programming. There are many reasons why a developer
> may work with the old-school interface calls. For instance they may be
> supporting an old school application. They might be writing their own
> abstract layer. They might be optimizing an extremely loaded system
> whereby explicitly using the API calls improves speed. Prepared
> statements only improve speed when making multiple queries to the
> database having the same format. They slow things down when making
> unique queries. Any developer worth his salt doesn't need prepared
> statements to improve security, and assuming prepared statements will
> protect you is silly since they cannot protect against everything. A
> professional knows when to use any given approach given the environment
> and requirements.

you forgot to mention the firebird users - who have the choice of using
the 'old-school' interface (with all the kick-ass parameterized queries
functionality that's actually part of firebird itself, etc) or use the PDO
equivalent which is:

a, pretty much broken for firebird.
b, emulates the superior functionality of the firebird database at the php level.

just my 2 old-school db calls. :-)

>
> Cheers,
> Rob.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
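
Added illustration of the technical points debated in this thread (not part of any message above, and not code from any poster): a PDO prepared statement reused for same-format queries, a bound value treated purely as data, and an identifier that placeholders cannot bind and that therefore needs an allow-list. It assumes PHP 5.1+ with the pdo_sqlite extension; the `users` table, the `listUsers` function and all sample values are hypothetical and constructed for the example.

```php
<?php
// Added illustration; table, column and function names are hypothetical.
// Assumes PHP 5.1+ with the pdo_sqlite extension (in-memory database).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// One statement prepared once and executed several times: the case where
// preparing pays off, because the query format is identical each time.
$insert = $pdo->prepare('INSERT INTO users (name, email) VALUES (?, ?)');
$rows = array(
    array('alice', 'alice@example.test'),
    array("o'brien", 'ob@example.test'),   // the quote is stored as data
    array('carol', 'carol@example.test'),
);
foreach ($rows as $row) {
    $insert->execute($row);
}

// Bound values are never parsed as SQL, so this constructed input containing
// SQL metacharacters is compared literally against the name column.
$find = $pdo->prepare('SELECT name FROM users WHERE name = ?');
$find->execute(array("x' OR '1'='1"));
var_dump($find->fetchAll(PDO::FETCH_COLUMN));

// Placeholders bind values only. A column name or sort direction cannot be
// bound, so it is checked against an allow-list before it is concatenated
// into the SQL text.
function listUsers(PDO $pdo, $sortColumn, $direction)
{
    $allowedColumns = array('id', 'name', 'email');
    if (!in_array($sortColumn, $allowedColumns, true)) {
        throw new InvalidArgumentException('unsupported sort column');
    }
    $direction = (strtoupper($direction) === 'DESC') ? 'DESC' : 'ASC';
    $stmt = $pdo->query("SELECT name FROM users ORDER BY $sortColumn $direction");
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

print_r(listUsers($pdo, 'name', 'desc'));

try {
    listUsers($pdo, 'name; --', 'asc');     // constructed out-of-list value
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```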