[wp-hackers] Making WP more secure the evolutionary way
Florian Thiel
flo.thiel+wphackers at googlemail.com
Thu Jan 22 10:25:19 GMT 2009
On Thu, Jan 22, 2009 at 9:28 AM, Ryan McCue <ryanmccue at cubegames.net> wrote:
> DD32 wrote:
>> Also, It seems to be that you're suggesting in your patch that using
>> raw SQL (even though its prepared) is a bad idea? Or am i reading it
>> wrong? :)
>
> Removing raw SQL completely from anywhere but the abstraction is the
> whole point, as it allows the database system to be exchanged easily,
> even using non-SQL database systems.
Not exactly. My point is to centralise db access for security reasons.
Once you have abstractions everywhere, you can do good sanitation in
the abstraction and be done with it (have a look at my reply to DD32,
too).
Database independence would be a side effect if the abstraction did
not use any features specific to MySQL. But that would require the
additional step of making the queries database agnostic.
Florian
More information about the wp-hackers
mailing list