[nycphp-talk] Accessing Oracle Database with PHP - best practices

Hans Zaunere lists at
Wed Jun 28 20:26:34 EDT 2006

Hi Mike,

Mike Lynch wrote on Wednesday, June 28, 2006 11:17 AM:
> Hi All
> Looking for some general advice here...
> We have an Oracle 9i database on HPUX.
> We access it in three ways
> - legacy front end interface (internal users)
> - PHP on the HPUX server using OCI calls (internal users)
> - through a public web server (LAMP) using XML RPC (public)
> We are getting rid of the legacy front end and rewriting the screens
> in PHP. Our plan is to use the webserver and move away from servicing
> web requests on the DB server.  
> Questions:
> 1. We've only used XML-RPC on a small scale and are not sure whether
> to continue with this approach. Having said that, it's simple and it
> works. But what about SOAP ? We have no experience of it but "feel"
> we should be using it.

Simple and it works?  Stick with it...

SOAP is quite complex, and while it may feel right now, once you start using
it, that feeling may quickly change.  And since this is internal, the added
complexity of publishing services, will likely get in the way.  Plus, you're
team is likely comfortable with XML-RPC already, so at this stage, it
probably doesn't make sense to bring in another new learning curve.

> 2. XML-RPC has proved fine for just calling stored procedures on the
> DB server but should we be using something like ADODB which would
> potentially make coding/designing a lot easier if we want to go the
> whole data abstraction route. This however uses OCI calls to the

Since it appears as though you are working with a single database technology
- Oracle - why abstract?  Sure, people will say "well, there's a chance
we're going to change the database at some point."  Ok, but database changes
aren't trivial - you don't hot-swap a database out for another technology -
and using an "abstracted" database access method will be the least of the

> database. The webserver will be in the public domain. Is it safe to
> connect to the production DB using OCI calls ?

As Eddy pointed out, security is a very large picture.  But done right,
sure, it could be safe.  OCI is one of the most mature and heavily tested
database connection methods out there, and again, you have the expertise
already (which is usually the toughest part of OCI), so you're more likely
to do it right, than with a new technology.

Hans Zaunere / President / New York PHP  /

More information about the talk mailing list