[nycphp-talk] Accessing Oracle Database with PHP - best practices

Nunez, Eddy enunez at tiaa-cref.org
Wed Jun 28 17:52:58 EDT 2006


Hey there,

I have a question/concern ... the XML-RPC "server" is written
in PHP I assume, if so you'll still be making OCI calls anyway.

As far as security is concerned, it starts with you.  Always carefully
evaluate/filter your query variables/strings for valid data before
sending it to the database.  That applies to your webpages and the
XML-RPC.

Regards,

-Eddy

________________________________

From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Mike Lynch
Sent: Wednesday, June 28, 2006 11:17 AM
To: talk at lists.nyphp.org
Subject: [nycphp-talk] Accessing Oracle Database with PHP - best practices

Hi All

Looking for some general advice here...

We have an Oracle 9i database on HPUX.

We access it in three ways:

- legacy front end interface (internal users)
- PHP on the HPUX server using OCI calls (internal users)
- through a public web server (LAMP) using XML RPC (public)

We are getting rid of the legacy front end and rewriting the screens in
PHP. Our plan is to use the webserver and move away from servicing web
requests on the DB server.

Questions:

1. We've only used XML-RPC on a small scale and are not sure whether to
continue with this approach. Having said that, it's simple and it works.
But what about SOAP? We have no experience of it but "feel" we should
be using it.

2. XML-RPC has proved fine for just calling stored procedures on the DB
server but should we be using something like ADODB which would
potentially make coding/designing a lot easier if we want to go the
whole data abstraction route. This however uses OCI calls to the
database.

The webserver will be in the public domain. Is it safe to connect to the
production DB using OCI calls?

Any advice would be appreciated

Thanks

Mike
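
The filtering advice in the reply, applied to the XML-RPC-to-stored-procedure setup described in the question, as an added example that is not part of either message. The method table, the procedure `acct_pkg.get_balance` and the parameter names are hypothetical, and `$conn` is assumed to be an OCI8 connection opened elsewhere with `oci_connect()`.

```php
<?php
// Hypothetical dispatch table: XML-RPC method => constant PL/SQL call and IN-parameter allowlist.
const METHODS = [
    'account.getBalance' => [
        'sql' => 'BEGIN acct_pkg.get_balance(:acct_id, :balance); END;',
        'in'  => ['acct_id' => '/^[0-9]{1,10}\z/'],   // \z: no trailing newline allowed
        'out' => 'balance',
    ],
];

// Accept only the expected parameters, each a scalar matching its pattern.
function validateParams(array $rules, array $input): array
{
    if (array_diff_key($input, $rules)) {
        throw new InvalidArgumentException('unexpected parameter');
    }
    $clean = [];
    foreach ($rules as $name => $pattern) {
        $value = $input[$name] ?? null;
        if ((!is_string($value) && !is_int($value))
            || preg_match($pattern, (string) $value) !== 1) {
            throw new InvalidArgumentException("invalid or missing value for $name");
        }
        $clean[$name] = (string) $value;
    }
    return $clean;
}

// $conn: OCI8 connection from oci_connect() (assumed opened elsewhere).
function dispatch($conn, string $method, array $input): string
{
    if (!array_key_exists($method, METHODS)) {
        throw new InvalidArgumentException('unknown method');
    }
    $def   = METHODS[$method];
    $clean = validateParams($def['in'], $input);
    $stmt  = oci_parse($conn, $def['sql']);   // SQL text never contains request data
    if ($stmt === false) {
        throw new RuntimeException('statement could not be parsed');
    }
    foreach (array_keys($clean) as $name) {
        oci_bind_by_name($stmt, ':' . $name, $clean[$name]); // bound by reference, so bind the element
    }
    $result = '';
    oci_bind_by_name($stmt, ':' . $def['out'], $result, 40); // OUT value, up to 40 bytes
    if (!oci_execute($stmt)) {
        throw new RuntimeException('database call failed');
    }
    return $result;
}
```

The same `validateParams()` step fits in front of queries issued from ordinary web pages, since only the source of `$input` changes.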

 

 

 

 

 


