mignon hunter wrote:
I am trying to find some definitive best practices on database connections
with PHP on both MySQL and Oracle.
I'm starting to redesign a corporate website and am trying to find out more
about security and the best practices for database queries and user input form
handling.
For example - what's the best usage - prepared statements? And does it have
to be PHP 5? I need preferably a one stop shop as opposed to looking at dozens of
different places. Can you advise a particular book? Website?
I have checked out the security area on the PHP manual and some user notes -
some were useful. But it didn't really have a lot of info and I don't think it is
comprehensive or all inclusive.
Thanks in advance. PS I would like to switch the current site from JSP to
PHP. I was going to look into Zend IDE. Comments? Suggestions?
thanks
PHP 5.2 is the way to go for new projects: PHP 4 isn't being
maintained.
Binding/preparing statements is the way to go. Here are quotes about
them for MySQL and Oracle:
They are useful for speeding up execution when you are performing
large numbers of the same query with different data. They also
protect against SQL injection-style attacks. (From PHP and
MySQL Web Development, 4th Edition, Luke Welling and Laura
Thomson)
If I were to write a book about how to build nonscalable [note
the NON] Oracle applications, then 'Don't Use Bind Variables'
would be the title of the first and last chapters. [...] If you
want to make Oracle run slowly [...] just refuse to use bind
variables (From Expert Oracle Database Architecture, Tom Kyte)
Depending on the site needs, consider a DB abstraction layer or a
framework.
For high performance connections in PHP OCI8 for Oracle, use
oci_pconnect() and pass the character set.
There are a number of Oracle-PHP books available. One free,
introductory one is the Underground PHP Oracle Manual,
http://tinyurl.com/f8jad (A new edition will be released in the next
couple of weeks)
Chris
--
Email: [EMAIL PROTECTED] Tel: +1 650 506 8630
Twitter: http://twitter.com/ghrd
Free PHP Book: http://tinyurl.com/f8jad
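As an added illustration of the bind-variable approach Chris describes (example code written for this thread, not code from the list or from either book quoted): the string-interpolated query beside its prepared-statement form for mysqli, and the OCI8 form using oci_pconnect() with an explicit character set. The table and column names, credentials and connection strings are assumed placeholders.

```php
<?php
// Added example, not from the original thread. Assumes a table `users`
// with columns `id` and `email`; credentials below are placeholders.

// The pattern to avoid: user input interpolated into the SQL text.
// A quote character in $email alters the structure of the statement.
function findUserUnsafe(mysqli $db, string $email): ?array {
    $sql = "SELECT id, email FROM users WHERE email = '$email'"; // do not do this
    $res = $db->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// MySQL via mysqli: the value is bound as data and never becomes SQL text.
// The same prepared statement can also be executed repeatedly with new
// bound values, which is the speed-up the Welling/Thomson quote refers to.
function findUserMysql(mysqli $db, string $email): ?array {
    $stmt = $db->prepare('SELECT id, email FROM users WHERE email = ?');
    if ($stmt === false) {
        throw new RuntimeException($db->error);
    }
    $stmt->bind_param('s', $email);            // 's' = string parameter
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();  // get_result() needs mysqlnd
    $stmt->close();
    return $row ?: null;
}

// Oracle via OCI8: persistent connection with the character set passed
// explicitly (as Chris recommends), and a named bind variable so Oracle
// can reuse the parsed statement instead of hard-parsing each literal.
function findUserOracle(string $email): ?array {
    $conn = oci_pconnect('app_user', 'app_password', '//dbhost/ORCL', 'AL32UTF8');
    if ($conn === false) {
        $e = oci_error();
        throw new RuntimeException($e['message']);
    }
    $stmt = oci_parse($conn, 'SELECT id, email FROM users WHERE email = :email');
    oci_bind_by_name($stmt, ':email', $email);
    oci_execute($stmt);
    $row = oci_fetch_assoc($stmt);
    oci_free_statement($stmt);
    return $row ?: null;
}
```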
--
PHP Database Mailing List (http://www.php.net/)