[development] Flex API, XML API modules are they needed?

David Metzler metzlerd at metzlerd.com
Wed Feb 11 05:18:19 UTC 2009

The article alludes to a security issue.  Anyone know what it is?  I  
get the stability concerns, which is why I coded in an extra layer at  
my end.  The SQL statements get rewritten into a numeric variable  
bind syntax before passing to the db layer in my implementation for  
just this reason.    A band of versions that include php 5.2.2 might  
be fatal to that idea :).

If this makes it in it sounds like it should be part of an XML  
specific db wrapper, but it sure doesn't sound like it make sense to  
focus my energies there.

On Feb 10, 2009, at 12:23 PM, andrew morton wrote:

> On Mon, Feb 9, 2009 at 2:00 PM, Larry Garfield  
> <larry at garfieldtech.com> wrote:
>> That's a different question, I think.  DBTNG uses arrays and named  
>> placeholders.  It sounds like David is talking about XPath based  
>> queries, which are another animal entirely and not DB portable.   
>> David, can you elaborate here?
>> DBTNG does not allow the reuse of placeholders within the same  
>> query, because PDO doesn't either.
>> --Larry Garfield
> Well technically only certain versions of the PDO don't allow it:
> http://paul-m-jones.com/?p=243
> I can't find the php.net issue for this but I seem to remember that
> the change was eventually reverted leaving a band of versions that
> don't allow it.
> andrew

More information about the development mailing list