Hacker News new | past | comments | ask | show | jobs | submit login
Offline and back again: Surviving the PHP 7 upgrade by adding one letter (alanhogan.com)
11 points by alanh on Dec 14, 2019 | hide | past | favorite | 9 comments



> Sure enough, the page noted that after years of deprecation, “ext/mysql” had been removed from PHP.

“Years of deprecation” is putting it mildly. The original mysql library was long known to be a huge Achilles’ heel for PHP, missing lots of critical security features, such as prepared statements. mysqli was released as an improved alternative with PHP 4.1, which shipped in December 2001. The original mysql library was officially deprecated as of PHP 5.5; that one shipped in June 2013. By that point, all the literature on PHP best practices had been screaming at people to stop using the original library for more than a decade.

I’m struggling to think of any platform I’ve ever worked with that’s given people that much warning that some feature was going to go away.


Hi, author here. I have no doubt you’re right. My only lines of defense are that (1) I didn’t use MySQL directly and I didn’t open myself up to injection attacks, and (2) I stopped being a PHP dev years before 2013. This is custom, legacy code still powering my humble personal site after over a decade.


> I didn’t open myself up to injection attacks

Pretty sure you did. And even if you did not, 99% of other people did.


If you stopped being a PHP developer, then stop using it, put your (now deprecated) code offline, you are at risk and might put at risk others.


In terms of PHP, the strange thing here is you didn't get any errors (at least in logs). The default behaviour in webhosts is having PHP "display_errors" to off (so "blank pages", 500), BUT error_log enabled to some file that is accessible to you.

If nothing is shown at error logs, then you should try setting "error_reporting" to E_ALL and you should see something at logs after executing your PHP code.


First of all, it really shouldn't take any brain cycles to figure out that problems were caused by an 'automated upgrade from PHP 5.6 to PHP 7.2' (who does that anyways, and why?).

Second, it's almost 2020. Why there still isn't a better way to debug PHP than using die()?

And third, "mysqli" has been the defacto method for SQLing, while "mysql"was deprecated years ago.

I'm not sure why this is even in HN.


What do you mean "there still isn't a better way"?! There are plenty debugging tools, many with integrated support in most IDEs. But, honestly, the only time I needed them was to figure out the place for performance optimization, var_dump() + die() are really perfect to debug anything. In fact, I feel that the nature of PHP being "fresh start on every call" + no compilation needed makes it probably the easiest to debug language out there I know.


Let me introduce you to XDebug: https://xdebug.org

You can thank me later :-D


And it plugs into your favorite editor too! (Eg: Atom, VSCode, etc), it's super awesome!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: