That may be the beauty of Open Source, but when you're trying to minimize security risks, adding on another layer of possible security failure is just that... another security hole needing patching. It's like having 3 bank robbers, then adding a 4th and saying "it's only one more robber... they can't possibly do any more harm than having only three".

However, if you like it, then that's cool. I personally don't like frameworks either. I have enough issues with OS' not being fast w/ security fixes. Apache, PHP, MySQL, OpenSSH, my own PHP code, phpBB, Gallery, and a few other things... add in a framework, and I'd be in for a world of hurt.

One thing does come to mind when you mentioned frameworks... one for which I have a rather livid hatred... SmartyPHP. Smarty is one of the worst pieces of crap I have ever seen, and I have to use it for a particular application, "because that is what the developer used, and I *have* to use that app."

If you want secure code, do it yourself, unless you don't mind putting blind faith in a 3rd party app. Sometimes I do, which is why I use phpBB and the like. I sure as heck am not building my own forum software.

Ciao,

Tony E
"Raptus regaliter"
jaraeth@phoenixwing.com
http://www.phoenixwing.com/

Eric Cope wrote:
> Isn't that the beauty of open source, you can fix it as you wish?
> You trust PHP, the web server, the database, and any other software to
> be secure, why draw the line between those pieces of software and
> frameworks?
>
> I see it as one more layer to secure, but the beauty of frameworks is
> that there are that many more eyes poring over the code and testing it...
>
> thoughts?
>
> On Sun, Apr 12, 2009 at 9:13 PM, Kenny Pepiton wrote:
> > I myself don't trust PHP frameworks for the simple reason of
> > understanding the code that goes into my site as well as understanding
> > the security vulnerabilities that my own code creates. I am not very
> > fond of not knowing where my code vulnerabilities lie and waiting
> > patiently for a fix in the framework to keep my sites securely coded.
> >
> > Kenny
> >
> > Eric Cope wrote:
> > > Use a PHP framework like CakePHP or CodeIgniter and life is much
> > > better...
> > >
> > > On Sun, Apr 12, 2009 at 7:47 PM, Craig White wrote:
> > > > On Sun, 2009-04-12 at 15:13 -0700, A. W. Wright wrote:
> > > > > Craig White wrote:
> > > > > > just want the max of an integer field ultimately into a variable.
> > > > > >
> > > > > > <?php
> > > > > > $MaxSalesOrders = 'SELECT MAX(orderno) FROM salesorders;';
> > > > > > mysql_connect("$HOST", "$USER", "$PASSWD");
> > > > > > mysql_select_db("lighting_unlimited");
> > > > > > $MaxSalesOrdersResult = mysql_query($MaxSalesOrders);
> > > > > > mysql_close();
> > > > > > echo var_dump($MaxSalesOrdersResult) . " - " .
> > > > > >   $MaxSalesOrdersResult;
> > > > > > ?>
> > > > > >
> > > > > > seems pretty straightforward. In mysqlclient, the answer is of course
> > > > > > returned - perhaps as a row, I'm never quite sure.
> > > > > >
> > > > > > The code above returns the following in a browser...
> > > > > >
> > > > > > resource(6) of type (mysql result) - Resource id #6
> > > > > >
> > > > > > and I've been trying all sorts of things 'SELECT AS...' and Googled for
> > > > > > several hours and I'm sort of convinced that what is being returned from
> > > > > > the sql query is neither an array, nor string and has to be converted
> > > > > > into a variable that is useful to me.
> > > > > >
> > > > > > Anyone know how to do this (i.e. without pear-db)?
> > > > > >
> > > > > > Craig
> > > > >
> > > > > mysql_query (and mysqli_query) doesn't actually give you the result,
> > > > > just a pointer to it. Use the mysql_fetch_assoc (returned array indexed
> > > > > by column name) or mysql_fetch_row (indexed by column order) function to
> > > > > get that, and see http://us2.php.net/mysql_query for more information.
> > > > ----
> > > > yeah that was it. I was sort of looking at that, trying to decipher the
> > > > api of the software I was working on and then creating my own
> > > > connections out of the program so I could test bits of code. I'm easily
> > > > confused I guess. ;-)
> > > >
> > > > One thing is certain, I have been spoiled by ruby on rails and php just
> > > > seems so crude and ugly now.
> > > >
> > > > Thanks
> > > >
> > > > Craig

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
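
Added example, not part of the thread and not any poster's code: the handle-versus-row point from the quoted answer, shown with PDO because the `mysql_*` functions were removed in PHP 7. It assumes the PDO SQLite driver as an offline stand-in for the MySQL server; the table and column names come from the query in the original post, the sample rows are constructed, and `maxOrderNo` is a hypothetical helper name.

```php
<?php
// Added example, not code from the thread. Assumes PDO with the SQLite
// driver as an offline stand-in for MySQL; maxOrderNo() is a hypothetical
// helper, and the inserted order numbers are constructed sample data.

function maxOrderNo(PDO $db): ?int
{
    // query() returns a PDOStatement: a handle to the result set, the
    // counterpart of the "Resource id #6" that mysql_query() returned.
    $stmt = $db->query('SELECT MAX(orderno) FROM salesorders');

    // The value only reaches PHP once a row is fetched from the handle.
    // fetchColumn() returns the first column of the next row.
    $value = $stmt->fetchColumn();
    $stmt->closeCursor();

    // MAX() over an empty table yields one row holding NULL, so the caller
    // must be able to tell "no orders yet" apart from a real order number.
    if ($value === null || $value === false) {
        return null;
    }
    return (int) $value;
}

$db = new PDO('sqlite::memory:');
// Throw on SQL errors instead of returning false and carrying on.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE salesorders (orderno INTEGER PRIMARY KEY)');

var_dump(maxOrderNo($db));   // table is still empty here

// Constructed sample rows, inserted through a prepared statement.
$insert = $db->prepare('INSERT INTO salesorders (orderno) VALUES (?)');
foreach ([1001, 1002, 1017] as $orderNo) {
    $insert->execute([$orderNo]);
}

var_dump(maxOrderNo($db));   // table now holds the three sample orders
```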