| From: | PFC <lists(at)peufeu(dot)com> | 
|---|---|
| To: | "Ron Johnson" <ron(dot)l(dot)johnson(at)cox(dot)net>, pgsql-general(at)postgresql(dot)org | 
| Subject: | Re: PHP sucks!! - was: persistent db connections in PHP | 
| Date: | 2007-06-16 20:40:09 | 
| Message-ID: | op.tt07o7vbcigqcu@apollo13 | 
| Lists: | pgsql-general | 
> I wouldn't call Python *strongly* typed, but I do know what you mean.  I
> think.

It is strongly typed (string + int = error), just not statically typed (but you saw what I mean ;)

> "PHP: very loosely typed, does whatever it wants"
> yeah php got a life of its own! sure be a lazy programmer and blame
> sql injection etc crap on php or try http://www.xdebug.org/ and
> others.

No need.

I either use pg_query_params() which automagically handles all quoting, or an ORM which does the same.

There is no reason to include strings in SQL statements except laziness.

MySQL does not have a mysql_query_params() for PHP, so you have to write one, it's pretty simple.

Python's (and Perl's) strength in this respect is that they make it easier to use the safe solution, i.e.:

    query( "sql with ? or $1 or %s", arg, arg, arg )

PEAR::DB is horrendous.
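
The contrast the message draws between strings pasted into SQL and a `query(sql, arg, ...)` call, as an added example that is not part of the original message. It assumes Python's standard `sqlite3` module as a stand-in for PostgreSQL and `pg_query_params()`; the `query()` helper, the `users` table and the sample values are hypothetical and constructed for illustration.

```python
import sqlite3

# Constructed sample data for this example.
ROWS = [("alice", "alice@example.org"), ("O'Brien", "ob@example.org")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn

def query(conn, sql, *args):
    """Hypothetical helper with the call shape from the message: the SQL
    text stays constant and the values travel separately as bound parameters."""
    return conn.execute(sql, args).fetchall()

def find_concat(conn, name):
    """The 'lazy' form: the value is pasted into the SQL text itself."""
    return conn.execute(
        "SELECT email FROM users WHERE name = '" + name + "'").fetchall()

def find_param(conn, name):
    """The safe form: one ? placeholder, one bound argument."""
    return query(conn, "SELECT email FROM users WHERE name = ?", name)

def compare(name):
    """Run both forms on a fresh database; report rows or the error raised."""
    conn = make_db()
    try:
        concat = find_concat(conn, name)
    except sqlite3.Error as exc:
        concat = type(exc).__name__
    return concat, find_param(conn, name)

if __name__ == "__main__":
    # A plain value, a legitimate value containing a quote, and a value
    # that changes the meaning of the concatenated statement.
    for value in ("alice", "O'Brien", "x' OR '1'='1"):
        print(repr(value), compare(value))
```

The concatenated form fails on a legitimate name containing a quote and returns every row for the third value, while the bound-parameter form treats all three purely as data.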