Security risks and vulnerabilities associated with PHP’s mysql_ functions

Here are some considerations about the mysql extension:

The mysql_* extension is completely obsolete and was officially removed from PHP in version 7.0 (2015). Continuing to use it requires running an end-of-life version of PHP that no longer receives security patches, leaving your server vulnerable to exploits. Furthermore, it lacks modern database features such as:

  • Security: No support for prepared statements or parameterized queries (the standard for preventing SQL injection).

  • Performance: Missing asynchronous, non-blocking query capabilities.

  • Functionality: No support for transactions, stored procedures, or multiple statements.

  • Compatibility: It cannot handle the modern password authentication used in MySQL 5.6+ and lacks all features introduced in MySQL 5.1 or later.

Here is a table of some considerations to keep in mind:

| Feature | Status in mysql_* | Modern Alternative (PDO/MySQLi) |
|---|---|---|
| Prepared Statements | ❌ Not Supported | ✅ Standard (Prevents SQLi) |
| Transactions | ❌ Not Supported | ✅ Full Support |
| Asynchronous Queries | ❌ Not Supported | ✅ Supported |
| Stored Procedures | ❌ Not Supported | ✅ Full Support |
| Modern Password Auth | ❌ Incompatible | ✅ Native Support |
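
As an added example (not code from the original post), the script below shows two of the PDO features that the list and table above say mysql_* lacks: prepared statements and transactions. The table, column and function names are constructed for illustration, and an in-memory SQLite database stands in for MySQL so the script runs offline (assumes the pdo_sqlite driver is installed).

```php
<?php
// Added example: PDO in place of the removed mysql_* calls.
// For MySQL, use a DSN such as 'mysql:host=...;dbname=...;charset=utf8mb4'
// and also set PDO::ATTR_EMULATE_PREPARES to false for server-side prepares.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, balance INTEGER)');

// Constructed sample rows, inserted through one reusable prepared statement.
$insert = $pdo->prepare('INSERT INTO users (name, balance) VALUES (?, ?)');
foreach ([['alice', 100], ["O'Brien", 50]] as $row) {
    $insert->execute($row);
}

// The value is bound separately from the SQL text, so quotes or SQL
// keywords inside $name are compared as data and cannot alter the query.
function findUser(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name, balance FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Move funds atomically: both updates are committed, or neither is.
function transfer(PDO $pdo, string $from, string $to, int $amount): void
{
    $pdo->beginTransaction();
    try {
        $debit = $pdo->prepare('UPDATE users SET balance = balance - ? WHERE name = ? AND balance >= ?');
        $debit->execute([$amount, $from, $amount]);
        if ($debit->rowCount() !== 1) {
            throw new RuntimeException('unknown sender or insufficient funds');
        }
        $credit = $pdo->prepare('UPDATE users SET balance = balance + ? WHERE name = ?');
        $credit->execute([$amount, $to]);
        if ($credit->rowCount() !== 1) {
            throw new RuntimeException('unknown recipient');
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack(); // undo the debit if the credit failed
        throw $e;
    }
}

var_dump(findUser($pdo, "O'Brien"));       // name containing a quote
var_dump(findUser($pdo, "x' OR '1'='1"));  // SQL-looking input, treated as a plain string
transfer($pdo, 'alice', "O'Brien", 30);
try { transfer($pdo, 'alice', 'nobody', 10); } catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
var_dump($pdo->query('SELECT name, balance FROM users')->fetchAll(PDO::FETCH_ASSOC));
```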


How to: Extract file extension with PHP

People coming from other scripting languages always think theirs is better because it has a built-in function for this and PHP does not (I am looking at Pythonistas right now).

In fact, it does exist, but few people know it. Meet pathinfo():

$ext = pathinfo($filename, PATHINFO_EXTENSION);

This is fast, efficient, reliable and built-in. pathinfo() can give you other information, such as canonical path, depending on the constant you pass to it.