Tuesday, July 14, 2015

Major Web Site Rebuild

The PHP Group, which defines the PHP programming language, deprecated the mysql() function and replaced the function with the PDO object. The group has announced plans to completely remove the function in the upcoming release of PHP 7.

The mysql() function was open to SQL injection attacks. The function simply sends MySQL commands from the web server to the database server. Clever hackers learned that they could send code to web sites that could break out of improperly formed SQL strings and take control of the server.

The PDO object has some additional features to fight such attacks. But if programmers fail to use the new features correctly, their scripts will still be subject to attack.

This change will force me to undergo a major rewrite of all of the programs I've written using PHP.

I've been anticipating this change for a few years. I've thrown hundreds of hours into experimenting with the new PDO object, and have yet to find a way to use the object elegantly.

I happen to be a fan of object design and I usually favor replacing functions with objects; so, I was surprised at my displeasure with the PDO object.

The problem I faced was not with the clunky object syntax in PHP. The problems I faced had to do with the scope of the objects. The mysql_query() function is a language construct and has a global scope. The PDO object only has local scope in the function that created it.

To use the PDO object, one needs either to open multiple connections to the database to generate a web page (which slows down web sites) or to include contortions in the code to access the object as needed.

Whenever I have a problem with programming, my natural instinct is to assume that there is something wrong with me. I convinced myself that if I just kept reading programming manuals and online tutorials I would at some point light on an elegant way to employ the new PDO object.

Having read thousands of posts on Slashdot.org (a popular coding site), it finally dawned on me. Perhaps the problem is not with me, but with the direction that the PHP Group is taking their product.

It appears that the group is trying to go after the enterprise development market by turning their back on their primary market, which is webmasters who want to add server-side features to a web site.

Now, I need to rewrite my PHP web sites in preparation for PHP 7.0. As I engage in this project, I will open source portions of the code and write articles defending the approach I am taking toward web development. The goal of the project is to create a web site designed to aid in general research and authorship.
