7r1n17y
New Member
- Jun 11, 2017
- 13
- 5
I would not use this for production use due to the fact that their is no Csrf validation and their is a Timing attack vulnerability. Plus their is no prepared statements going on so your script is vulnerable to SQL Injection. strip_tags, stripslashes, mysqli_real_escape_string is not enough. Md5 should not be used according to the php manual
PHP Manual -
You must be registered for see links
. I am hoping you secured your php sessions.PHP Manual -
You must be registered for see links
iCranavvo
nope! not really!
- Oct 27, 2011
- 33
- 14
A preference that isn't shared by other developers.
PDO does not 'take less lines of code' as you put it. In fact you would have to do more; there's nothing wrong with the MySQLi class.
Weasel
👄 I'd intercept me
- Nov 25, 2011
- 4,132
- 2,456
Object-Oriented MySQLi and PDO are both an equal amount of lines, PDO might even be one shorter. Most developers will use PDO, as it has way more options than MySQLi, which only supports the MySQL driver, as where PDO supports 12 databses. MySQLi does not support named parameters, which PDO does, as they contribute to code readability.
Besides that, PDO is mainly the industry standard. MySQLi is just an easy drop-in to replace MySQL. Personally, I think MySQLi will be deprecated eventually too.
iCranavvo
nope! not really!
- Oct 27, 2011
- 33
- 14
Ah yes; thank you PDO for coming with all those unused drivers.
Ecko
23:37 [autobots] -!- eckostylez [[email protected]]
- Nov 25, 2012
- 1,396
- 960
Unused to who?
