All of my PHP/MySQL stuff was done years ago, and I used "good
practices" at the time.  Things have changed, and it's past time to
get up to speed on mysqli, PDO, sessions, etc.  All my projects to
date have been private, hobby things that "outsiders" didn't have
access to.  That's about to change -- well, if I can ever get this
stuff figured out.  

I've been digging around on the web for several weeks now, and I don't
feel like I've made much in the way of progress as regards prepared
statements and mysqli and SQL injection and PDO and XSS attacks and
OOP -- did manage to get a handle on full-text search, sessions, and
sanitizing and validating user input, though.  ;-)  

But mostly I feel like I'm just going around in circles.  Every time I
think, "Okay, I'm going to do it THIS way!" I run into a problem,
Google for the solution, and find lots of different solutions, or
problems, relating to things that I thought I had already resolved.  

Lots of RTFM hours invested, but still unsure about where to go from

I've tried to figure out OOP a few times in the past, and it just
makes my eyes bleed and my brain hurt.  I can't seem to grasp it at
all.  I'm pretty sure I'm not stupid -- maybe it's because I stored my
first BASIC program on a cassette tape?  

But . . . PDO is OOP?  And mysqli is OOP or procedural -- but PDO is
the better solution?  Either way, I just can't figure out how to
convert some of my mysql queries to either one.  

I found, of course, oodles of info on the web.  I check dates to make
sure it's current, but they're sneaky -- one tutorial I found from
2012 seemed pretty good until the author recommended using
mysql_real_escape_string, and even *I* knew that wasn't right --
getting rid of that usage is one of the reasons I started digging
around in the first place.  Reading down through the comments, I found
it was a re-post of a 2006 article, but, interestingly enough, while
they discussed several other recommendations, not a single commenter
mentioned the mysql_real_escape_string issue.  

I know how to Google -- but I can't always tell if what I'm finding is
really "it" or just another load of . . . misinformation.  Who are the
REAL authorities on this stuff?  I like books, too, since I don't want
to spend all my time in front of a screen -- but the expense would
require limiting them to just one or two -- I want to get the "right"

PHP Database Mailing List (
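The conversion the post asks about, as an added example that is not part of the original message or any reply on the list: a legacy mysql_* query with the value spliced into the SQL string, beside the same query as a PDO prepared statement, plus the htmlspecialchars() step on output that the post's XSS question is really about. The `posts` table and its rows are constructed for the demo; the DSN defaults to an in-memory SQLite database (pdo_sqlite is assumed to be loaded) so the script runs without a MySQL server, and the MySQL DSN shown in the comment is the only thing that changes for a real deployment.

```php
<?php
// Added example: converting a legacy mysql_* query to a PDO prepared statement.
// Hypothetical schema: table `posts` with columns id, title, body (constructed
// below for the demo). The default DSN is an in-memory SQLite database so this
// runs offline; for MySQL use something like
//   'mysql:host=localhost;dbname=mydb;charset=utf8mb4'
// and pass the user name and password.

function connect(string $dsn = 'sqlite::memory:', ?string $user = null, ?string $pass = null): PDO
{
    return new PDO($dsn, $user, $pass, [
        // Throw on errors instead of silently returning false.
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        // For MySQL also add PDO::ATTR_EMULATE_PREPARES => false so the
        // server, not the driver, parses the placeholders.
    ]);
}

// Old style (vulnerable): the user's value becomes part of the SQL text.
//   $sql = "SELECT id, title, body FROM posts WHERE title = '" . $_GET['title'] . "'";
//   $res = mysql_query($sql);
// mysql_real_escape_string() only patches the quoting, and the whole mysql_*
// extension was removed in PHP 7, so there is nothing to migrate to but
// prepared statements.

function findPostsByTitle(PDO $pdo, string $title): array
{
    // :title is sent to the driver separately from the query text, so the
    // value can never change the structure of the statement.
    $stmt = $pdo->prepare('SELECT id, title, body FROM posts WHERE title = :title');
    $stmt->execute([':title' => $title]);
    return $stmt->fetchAll();
}

// Output side: prepared statements stop SQL injection, not XSS. Anything that
// goes back into HTML is escaped at the point of output.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// --- demo with constructed data -------------------------------------------
$pdo = connect();
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$ins = $pdo->prepare('INSERT INTO posts (title, body) VALUES (:title, :body)');
foreach ([
    ['Hello', 'first post'],
    ["Bob's <b>post</b>", '<script>alert(1)</script>'],
] as [$t, $b]) {
    $ins->execute([':title' => $t, ':body' => $b]);
}

// A classic injection attempt. With string splicing the WHERE clause would
// have become title = '' OR '1'='1' and matched every row; here it matches none.
$rows = findPostsByTitle($pdo, "' OR '1'='1");
printf("injection attempt matched %d row(s)\n", count($rows));

// A legitimate title containing a quote needs no hand escaping at all.
foreach (findPostsByTitle($pdo, "Bob's <b>post</b>") as $row) {
    echo '<h2>' . h($row['title']) . '</h2><p>' . h($row['body']) . '</p>', "\n";
}
```

Run it with `php example.php`; the injection attempt reports 0 rows and the second query prints the stored title and body with `<`, `>` and `'` encoded so the `<script>` text renders as text instead of executing. The mysqli version of findPostsByTitle() is the same idea with `?` placeholders, `bind_param('s', $title)` and `get_result()`, which is why the choice between the two matters less than the habit of never concatenating input into SQL.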