[nycphp-talk] FW: Accessing Oracle Database with PHP - best practices

Nunez, Eddy enunez at tiaa-cref.org
Wed Jun 28 18:03:37 EDT 2006


Man! I just re-read my email ... My brain must have farted on that first
statement, sorry.

I'm not even sure what I was trying to say...

 

If you want to take advantage of data abstraction, take a look at PDO.
Ilia gave a good presentation at the conference going over its merits
... e.g. "it's completely written in C, so you know it's pretty fast!"

 

-Eddy

________________________________

From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Nunez, Eddy
Sent: Wednesday, June 28, 2006 5:53 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Accessing Oracle Database with PHP - best
practices

 

Hey there,

          I have a question/concern ... the XML-RPC "server" is written
in PHP I assume, if so you'll still be making OCI calls anyway.

As far as security is concerned, it starts with you.  Always carefully
evaluate/filter your query variables/strings for valid data before
sending it to the database.  That applies to your webpages and the
XML-RPC.

 

Regards,

-Eddy

________________________________

From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Mike Lynch
Sent: Wednesday, June 28, 2006 11:17 AM
To: talk at lists.nyphp.org
Subject: [nycphp-talk] Accessing Oracle Database with PHP - best
practices

 

Hi All

 

Looking for some general advice here...

 

We have an Oracle 9i database on HPUX.

We access it in three ways

- legacy front end interface (internal users)

- PHP on the HPUX server using OCI calls (internal users)

- through a public web server (LAMP) using XML RPC (public)

 

We are getting rid of the legacy front end and rewriting the screens in
PHP. Our plan is to use the webserver and move away from servicing web
requests on the DB server.

 

Questions:

1. We've only used XML-RPC on a small scale and are not sure whether to
continue with this approach. Having said that, it's simple and it works.
But what about SOAP ? We have no experience of it but "feel" we should
be using it. 

 

2. XML-RPC has proved fine for just calling stored procedures on the DB
server but should we be using something like ADODB which would
potentially make coding/designing a lot easier if we want to go the
whole data abstraction route. This however uses OCI calls to the
database. 

The webserver will be in the public domain. Is it safe to connect to the
production DB using OCI calls ?

 

Any advice would be appreciated

Thanks

 

Mike

 

 

 

 

 



**************************************************************
This message, including any attachments, contains confidential
information intended for a specific individual and purpose, and is
protected by law. If you are not the intended recipient, please contact
sender immediately by reply e-mail and destroy all copies. You are
hereby notified that any disclosure, copying, or distribution of this
message, or the taking of any action based on it, is strictly
prohibited.
TIAA-CREF
**************************************************************
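
The input-filtering advice in the reply above, as an added example that is not part of the original thread: allow-list validation of a request value, which is then passed to Oracle as an OCI8 bind variable so it never becomes part of the SQL text. The function names, the `accounts` table and its columns are hypothetical; `$conn` is assumed to come from `oci_connect()`.

```php
<?php
// Added example, not code from the thread. Function, table and column
// names are hypothetical placeholders.

/**
 * Allow-list check: accept only an integer id between 1 and 999999999.
 * Returns the integer, or null when the input is not acceptable.
 */
function validate_account_id($raw): ?int
{
    // XML-RPC and web requests can deliver arrays or structs; reject them.
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 999999999]]);
    return $id === false ? null : $id;
}

/**
 * Look up one row using a bind variable. $conn is an OCI8 connection.
 */
function fetch_account($conn, $rawId): ?array
{
    $id = validate_account_id($rawId);
    if ($id === null) {
        throw new InvalidArgumentException('invalid account id');
    }
    // The SQL text is constant; the value is sent separately as :id.
    $stmt = oci_parse($conn,
        'SELECT account_id, owner_name FROM accounts WHERE account_id = :id');
    if ($stmt === false) {
        throw new RuntimeException(oci_error($conn)['message']);
    }
    oci_bind_by_name($stmt, ':id', $id, -1, SQLT_INT);
    if (!oci_execute($stmt)) {
        $err = oci_error($stmt);
        oci_free_statement($stmt);
        throw new RuntimeException($err['message']);
    }
    $row = oci_fetch_assoc($stmt);   // false when no row matches
    oci_free_statement($stmt);
    return $row === false ? null : $row;
}

// The validator runs without a database; these inputs are constructed.
foreach (['42', '42 OR 1=1', "7'--", ['42'], '0'] as $sample) {
    var_dump(validate_account_id($sample));
}
```

The same two steps apply whether the value arrives from a web form or as an XML-RPC parameter.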



