
Using unsanitized $_GET is the least of their problems considering mysql_* is deprecated.



So a gaping security hole that compromises all data is less important than using a deprecated interface?


For an application with no exposure, arguably it is.

When you upgrade to PHP 5.6 and your application grinds to a halt because mysql_query isn't available, you'll be wishing you'd fixed it sooner.


If you're on RHEL/CentOS, 2023 is gonna be a bad year.

(RHEL/CentOS is currently on PHP 5.3 and will stay there for a long time.)


He said it was the least of their problems, not that it was the least important.


I'm sorry, isn't that the same thing?


I believe the ext/mysql is deprecated, not the function names. Mysqlnd is a drop-in replacement and unencumbered by the copyleft license issues that plague the original extension.


The mysql_* function API is part of ext/mysql and is deprecated — mysqlnd is a lower-level library that basically replaces libmysqlclient in the stack (and is used from PDO and mysqli as well).

I'd be interested in a cite on the licensing issues, incidentally; I'm not aware of anything. (There _is_ an issue with the JSON extension at present, though, so it's not impossible.)



