
elaborate PDO documentation: recommendations?

Hi,

Can anyone recommend some extensive PDO documentation? Especially
documentation that describes PDO's security capabilities. For instance what
measurements does the PDO::prepare take to prevent SQL injection, etc.? And
what extra measurements would be appropriate.

PHP's PDO manual isn't very elaborate IMO.

I was also wondering whether it is safe to assume that a fair amount of
(shared) hosting providers will have PDO (and thus PHP5?) installed. Any
experiences?

Thanks!

A.
Aug 17 '06 #1
3 Replies


amygdala wrote:
> Hi,
>
> Can anyone recommend some extensive PDO documentation? Especially
> documentation that describes PDO's security capabilities. For instance what
> measurements does the PDO::prepare take to prevent SQL injection, etc.? And
> what extra measurements would be appropriate.
>
> PHP's PDO manual isn't very elaborate IMO.

Yeah, the PDO documentation is rather sparse. AFAIK, it will use the
underlying database driver's implementation for escaping strings to
make them safe for queries, and it can't get much better than that,
since those take into account the character specifics of that database.

For databases that don't have prepared statements (i.e. mysql < 4.0,
iirc), I believe it emulates them. Not sure what it does exactly, most
likely escapes common characters like ' and "

PDO is very lightweight for a database layer. While it is very fast,
it doesn't have as many features as PEAR::DB or equiv. If you need
more capabilities or options, I suggest another abstraction layer, like
MDB2, adoDB, or any of the other ones.

> I was also wondering whether it is safe to assume that a fair amount of
> (shared) hosting providers will have PDO (and thus PHP5?) installed. Any
> experiences?
>
> Thanks!
>
> A.

I'm not sure on how widespread PHP5 is. A few hosters I know of have
it, many don't. The same goes for PDO, since it must be manually
specified in configure and added to the ini file.

Aug 18 '06 #2
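
Added example, not part of any post in this thread: a query built by string concatenation next to the same query sent through `PDO::prepare()` with a bound parameter, plus an allow-list for the one thing a placeholder cannot carry (an identifier such as an ORDER BY column). It assumes the pdo_sqlite driver; the `users` table, its rows and the function names are constructed for illustration.

```php
<?php
// Added example (not from the thread). Assumes the pdo_sqlite extension is loaded.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES
            ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Weak: the value becomes part of the SQL text, so a quote in it changes the query.
function findByNameConcat(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the SQL text is fixed; the value travels separately as a parameter.
function findByNamePrepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Placeholders bind values only. A column name for ORDER BY cannot be bound,
// so it is checked against a fixed allow-list before it reaches the SQL text.
function listUsersSorted(PDO $pdo, string $column): array
{
    $allowed = ['id', 'name', 'email'];
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException('unsupported sort column');
    }
    $stmt = $pdo->prepare("SELECT id, name FROM users ORDER BY $column");
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = "nobody' OR '1'='1";   // constructed hostile input

echo count(findByNameConcat($pdo, $input)), " rows via concatenation\n";
echo count(findByNamePrepared($pdo, $input)), " rows via prepare()\n";
echo count(findByNamePrepared($pdo, 'alice')), " row for a normal lookup\n";

try {
    listUsersSorted($pdo, 'name; DROP TABLE users');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

With drivers that emulate prepares by default (pdo_mysql does), setting `PDO::ATTR_EMULATE_PREPARES` to `false` asks PDO to use the server's native prepared statements instead.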

"Richard Levasseur" <ri********@gmail.com> wrote in message
news:11*********************@i3g2000cwc.googlegroups.com...
> amygdala wrote:
>> Hi,
>>
>> Can anyone recommend some extensive PDO documentation? Especially
>> documentation that describes PDO's security capabilities. For instance what
>> measurements does the PDO::prepare take to prevent SQL injection, etc.? And
>> what extra measurements would be appropriate.
>>
>> PHP's PDO manual isn't very elaborate IMO.
>
> Yeah, the PDO documentation is rather sparse. AFAIK, it will use the
> underlying database driver's implementation for escaping strings to
> make them safe for queries, and it can't get much better than that,
> since those take into account the character specifics of that database.

Hmm maybe indeed that's all there is to know. I'm just pretty new to PHP and
databases, so I wanna get a clear understanding of what's going on in the
background of things, to build up confidence that I'm taking the appropriate
measures, etc. etc.

> For databases that don't have prepared statements (i.e. mysql < 4.0,
> iirc), I believe it emulates them. Not sure what it does exactly, most
> likely escapes common characters like ' and "
>
> PDO is very lightweight for a database layer. While it is very fast,
> it doesn't have as many features as PEAR::DB or equiv. If you need
> more capabilities or options, I suggest another abstraction layer, like
> MDB2, adoDB, or any of the other ones.

Well, so far PDO met my needs just fine. I'm not doing anything fancy.

>> I was also wondering whether it is safe to assume that a fair amount of
>> (shared) hosting providers will have PDO (and thus PHP5?) installed. Any
>> experiences?
>>
>> Thanks!
>>
>> A.
>
> I'm not sure on how widespread PHP5 is. A few hosters I know of have
> it, many don't. The same goes for PDO, since it must be manually
> specified in configure and added to the ini file.

I understand. While we're on the subject. Can you, or anyone else, recommend
a / some good PHP5 hosting provider(s) offering all around reasonable
prices, good service and undisputed (!! (-; ) knowledge ?

Thanks in advance!
Aug 19 '06 #3

amygdala wrote:
> Can anyone recommend some extensive PDO documentation? Especially
> documentation that describes PDO's security capabilities. For instance what
> measurements does the PDO::prepare take to prevent SQL injection, etc.? And
> what extra measurements would be appropriate.
>
> PHP's PDO manual isn't very elaborate IMO.

<snip>

FWIW, you may check the links I added a long time ago in the user
notes section at <http://in2.php.net/pdo>

PDO is actually a data access layer--which means you don't have to
remember mysql_*, pgsql_*, etc function sets.

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Aug 26 '06 #4
