framework and prepared statement

cypher86

Hi there,

I'm considering using a framework in order to migrate a "home" application into a more professional one.

So I have 2 questions for you:

1) Which framework? (I've never used one; I always programmed with Notepad++.)

2) When I create a query, does a generic framework take care of transforming it into a prepared statement, or will there still be the problem with injections?

3) What about security in general when using a framework? (XSS, SQL injection, .....)

https://forums.phpfreaks.com/topic/252103-framework-and-prepared-statement/

1) If you've never used a framework, then you can't go wrong with CodeIgniter. It has the best documentation by far, and is generally pretty beginner friendly - plus it's awesome.


2) Yes, generally SQL injection isn't an issue.


3) Most frameworks have lots of functionality that make security a lot easier and safer. Remember that frameworks are community driven, so security holes are usually found and patched quickly.

Does the framework deal with the prepared statement itself, or do I have to prepare the statement myself and then feed it to the framework?


Like I said, you still need to know how to program.


We don't get each other...

I still have to do

$stmt = $db->prepare($query);
$stmt->bind_param('s', $param);
$stmt->execute();

or does it do that automagically?
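To make the question concrete, here is an added example (not posted by anyone in this thread) of the manual mysqli flow the poster is describing, shown beside the string-concatenation it replaces, and of the same query passed through CodeIgniter's query bindings. The connection details, table and column names are placeholders.

```php
<?php
// Added example, not from the thread. Placeholder credentials and schema.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholder

$username = $_GET['user'] ?? '';

// 1. Injectable: the user's input is pasted into the SQL text, so a single quote
//    in the input ends the string literal and whatever follows is parsed as SQL.
$unsafe = "SELECT id, email FROM users WHERE username = '$username'";
// (never run $unsafe; it is here only to contrast with the prepared form)

// 2. Prepared statement: the SQL text is fixed when prepare() runs, and the value
//    is sent separately as a typed parameter, so it can never be parsed as SQL.
$stmt = $db->prepare('SELECT id, email FROM users WHERE username = ?');
$stmt->bind_param('s', $username);              // 's' = bind as string
$stmt->execute();
$rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // get_result() needs mysqlnd
$stmt->close();

// 3. Same query through CodeIgniter's query bindings, as written inside a
//    controller or model. The framework takes the values separately from the SQL
//    so you do not call prepare()/bind_param() yourself:
//
//    $rows = $this->db
//        ->query('SELECT id, email FROM users WHERE username = ?', array($username))
//        ->result_array();
```

One caveat worth checking in the documentation of whichever framework and version you pick: "takes the values separately" does not always mean a driver-level prepared statement. Older CodeIgniter releases escape bound values into the query string rather than preparing it, which still blocks injection when used consistently, but it only protects the values you actually pass as bindings; anything you concatenate into the SQL text yourself is still injectable, framework or not.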
