On Tue, May 27, 2014 at 11:45 AM, Doran L. Barton <f...@hypermoo.com> wrote:
> On Tue, 27 May 2014 10:48:06 -0400
> Jared Smith <jaredsm...@jaredsmith.net> wrote:
>
> > > Don't use PHP. ;-)
> >
> > I know you probably meant this to be tongue-in-cheek, but this problem
> > isn't specific to PHP. It's just as easy to write bad SQL statements in
> > Perl or Python or any other language that interacts with a database.
>
> This is true. No language guarantees that you will write good code.
> Sanitized SQL queries are no exception. That being said, from what I have
> seen (and, admittedly, not much) the PHP community has only recently
> started preaching a One Right Way (tm) to do it (PDO). For years, most
> newbie PHP programmers have learned or been taught the Bad way of doing it.
> That's probably my biggest beef with PHP, in general: Most of the people
> writing code in PHP have no clue what the best practices are or should be.
> That's not the case with Perl, Python, Java, Ruby, etc.
>
> It's good that it's (slowly) changing for PHP.

More importantly, all the old (and some relatively new) tutorials and stuff that are still around still tout the WRONG ways to think about database interfacing, let alone PHP. It's important to separate the problem space from the language, but the tools (for some reason) still exist in PHP despite being incredibly old. PHP 5 was released a decade ago!

So the original question of "how to do this in php" does actually get well answered in another form of "don't use PHP" by transforming it to "don't think about this like PHP and its community tell you to think about this, think about it like a database interface user and work out from there."

-Tod Hansmann

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/