[development] Flex API, XML API modules are they needed?
David Metzler
metzlerd at metzlerd.com
Wed Feb 11 05:18:19 UTC 2009
The article alludes to a security issue. Anyone know what it is? I
get the stability concerns, which is why I coded in an extra layer at
my end. The SQL statements get rewritten into a numeric variable
bind syntax before passing to the db layer in my implementation for
just this reason. A band of versions that include php 5.2.2 might
be fatal to that idea :).
If this makes it in it sounds like it should be part of an XML
specific db wrapper, but it sure doesn't sound like it make sense to
focus my energies there.
Dave
On Feb 10, 2009, at 12:23 PM, andrew morton wrote:
> On Mon, Feb 9, 2009 at 2:00 PM, Larry Garfield
> <larry at garfieldtech.com> wrote:
>>
>> That's a different question, I think. DBTNG uses arrays and named
>> placeholders. It sounds like David is talking about XPath based
>> queries, which are another animal entirely and not DB portable.
>> David, can you elaborate here?
>>
>> DBTNG does not allow the reuse of placeholders within the same
>> query, because PDO doesn't either.
>>
>> --Larry Garfield
>
> Well technically only certain versions of the PDO don't allow it:
> http://paul-m-jones.com/?p=243
>
> I can't find the php.net issue for this but I seem to remember that
> the change was eventually reverted leaving a band of versions that
> don't allow it.
>
> andrew
More information about the development
mailing list