Simon Champion:
PHP Upgrade Broke My Data Importer
Jun 27, 2013 @ 17:13:45

In his latest post Simon Champion recounts some of the issues he had when upgrading to PHP 5.4, what's usually a smooth transition from PHP 5.3. His specific problem came in a difference between the previous mysql_query call and the more-correct PDO usage.

Our office is in the throes of a large-scale upgrade of the servers in our data center. The new version of Debian (version 7, or "Wheezy") has been officially released, having been in beta for the last few millennia, and our Ops team are slowly installing it across all our servers. This is great news, as it means we get to upgrade to PHP 5.4. Woohoo! New shininess. [...] We were ready. The upgrade should have been a breeze. But it wasn't.

He talks about his process of digging through the code trying to figure out why a call to import a CSV file into MySQL was failing. Their Data Importer component started failing with an error from MySQL about the "LOAD INFILE" not being allowed for use. He shares a "work around" that's not ideal (using exec) that manually imports the file into the database. He does point out that it could be something Debian-specific as they don't upgrade the version, just apply security patches retroactively.

We're making an effort to stick to modern PHP coding standards, so we're using PDO throughout, which makes it all the more galling. [...] Given that we do have a work-around now and everything is back up and running, I'm going to have to let this one drop; I don't have the time to try chasing it any more. But I hope this blog post will prove useful to anyone else having the same issue.
tagged: upgrade data importer mysql infile load pdo mysqlquery

Link: http://spudley.com/blog/php-upgrade-broke-my-data-importer

Benjamin Eberlei's Blog:
Test your Legacy PHP Application with Function Mocks!
Mar 31, 2009 @ 16:18:31

Benjamin Eberlei has a suggestion for testing your application without having to mess around with creating new resources just for testing - use mocks.

Much talking is going on about Unit testing, Mocks and TDD in the PHP world. For the most part these discussions surround object-oriented PHP code, frameworks and applications. Yet I would assert that the reality for PHP developers (me included) is dealing with PHP 4, PHP 5 migrated, or non-object oriented legacy applications which are near to impossible to bring under test.

He includes a "proof of concept" for a replacement mysql_query function (as created inside of Runkit) that sets up a "mocker" object that returns a "hello world" message when the mysql_query function is called.

tagged: mock function runkit proofofconcept mysqlquery resource

Stefan Esser's Blog:
CORE GRASP - PHP Tainted Mode
Aug 22, 2007 @ 21:19:27

Stefan Esser points out a new patch today - CORE GRASP - from the Core Security Technologies group that provides taint support surrounding the mysql_query function.

Their implementation adds a tainted or not flag for every byte so that it is possible on invocation of mysql_query() to determine any kind of injection.

Unfortunately, Stefan also mentions two big issues it might have from the get-go: the overhead for the memory needed can slow things down and an incorrect parsing in their query handler could lead to injection attacks.

tagged: core grasp patch php5 taint support mysqlquery security technologies

Internet Super Hero Blog:
PHP: mysqli_stmt_get_result()
Aug 22, 2007 @ 18:48:00

Frustrated with the lack of something simple (like mysql_fetch_assoc) in the new mysqli extension, this new function was created and posted about on the Internet Super Hero blog - mysqli_stmt_get_result.

By help of the new function, you can create a mysqli_result object from a statement that returns data (SELECT and other - version dependent!). Then you can use the mysqli_result object to process the returned data: fetch results, access meta data - all you can also do using a mysqli_result object returned by mysqli_query().

Included in the post are a few code examples showing the simplicity of the function and how it can still be used with the standard mysql_* functions to grab the results.

tagged: bind value mysqlstmtgetresult object mysqlquery simple
