Hacker News new | past | comments | ask | show | jobs | submit login

I can think of 300 sites that need to be re-coded off the top of my head if this is a hard stop on it. And I don't have time for that. Nor does anyone else. I understand what they're saying, and I understand the need to migrate over time ( i.e. stop using mysql and move to mysqli today ). But they need to be cognizant of how many hundreds of thousands of sites this will potentially effect. This is a security origin, but the effects would be felt in business bottom lines. if ( $hard_stop ), just to reiterate that...



At this point, the mysql extension has been a "don't use this, you idiot" for nearly a decade. I have no sympathy. None. Choosing to write bad code when examples to the contrary are all over the place means that when somebody finally Does The Right Thing, you will be in for a world of hurt.

Besides, I'm sure some well-meaning soul will come up with some API-identical library or another to drop in. Yes, it'll still take time; consider it penance for screwing up.

But as noted by a sibling comment, it's deprecated instead of being removed. You have plenty of time to not fix your sites, I guess.


A simple shim wouldn't be too difficult as the mysqli extension is very similar to the mysql one. Off the top of my head, you could try something like this for a quick & dirty way:

    $f = array_filter(get_defined_functions()['internal'], create_function('$i', 'return substr(0, 6, $i) === "mysqli_"'));
    foreach ($f as $func) {
      eval ('
          function ' . str_replace("mysqli", "mysql") . ' {
            return call_user_func(' . $func . ', function_get_args());
          }
      ');
    }


So, don't update to PHP 7 until you can change stuff? They're deprecating it now, but it's not even going to throw a warning before PHP 6, if you read the post. Deprecation moves slowly, and they won't outright remove it for a another few versions, so even if they do remove it for the hypothetical PHP 7, that'll be fast. (In the several years category of fast). Look how long it took them to remove magic_quotes. They've been telling people not to use that for years and years.

I mean, you can all but to mysqli with %s/mysql/mysqli/g if you wanted to be lazy about it. Most the mysql_ functions have mysqli_ equivalents. (But really you should be using the OO MySQLi at least, preferably PDO anyway).


Excuse me, but you seem to be under the mistaken impression that if this change goes through, the PHP project will forcibly upgrade the PHP installation on these small sites.

This is a change for future PHP versions. It will in no way affect the version of PHP the sites you refer to run, unless they run said future version, which is impossible. I'd suggest you remind the businesses that own these sites that there would be absolutely no reason for the to upgrade PHP versions if the software they're currently running satisfies them.


The problem with the NOOP solution is that most of the small sites (the ones with nobody doing ongoing maintenance) are hosted on managed shared servers -- avoiding an upgrade isn't an option. The site owners will just wake up one day to an inbox full of UR WEB IS BROKE emails if they're lucky, and may even understand enough of what the ISPs first-level help desk drone tells them to get it fixed. (I imagine, though, that accusations of extortion would be more likely, since the quick fix would be a VPS with a non-refundable one-time setup fee.)


http://gophp5.org

I can assure you the idea of shared hosts upgrading too quickly is a non-issue. It's 2011 and there are still shared hosts running PHP 4.


It's being deprecated; so it's not a hard stop. It says so right in the message: "Don't panic! This is not a proposal to add errors or remove this popular extension. Not yet anyway, because it's too popular to do that now"

The mysqli extension has been out for 5 years already, if you've got 300 sites that need to be recoded you might want to get on that. It's not difficult to switch from mysql to mysqli -- the API is very similar. But you have a long time; PHP 5.4 won't even deprecate it and it's not even released yet!


> The mysqli extension has been out for 5 years already

I believe mysqli and PDO were released with PHP 5.0. That's July 2004.

That's 7 years ago.


> I can think of 300 sites that need to be re-coded off the top of my head if this is a hard stop on it.

Do you understand written words? Because you don't seem to grasp the concept of deprecation.

> And I don't have time for that. Nor does anyone else. I understand what they're saying, and I understand the need to migrate over time ( i.e. stop using mysql and move to mysqli today ).

Actually, "stop using mysql and move to PDO/mysqli" has been the recommendation since PHP 5.0 was released.

It happened 7 years ago.

You only have yourself to blame.

Oh, and since you don't care for not-broken APIs, it's not like you'll have to migrate your sites to 5.4 (let alone 5.5), you can just stay on 5.3. There's no mandate here.


I guess there is a business opportunity then to write a module with the old API that keeps working with new versions of PHP.


FWIW most of the mysql_ functions have a direct counterpart in procedural mysqli_, with the exact same API.

mysqli even features the real_escape_string abortion


Or just run a sed command and fix a (very small) number of errors that'll pop up. mysqli is almost a drop-in replacement.


If you are a language maintainer, and you have a choice between removing a dangerous feature and not removing a dangerous feature, what should you do? At some point, you have to realize that languages and libraries which enable you to readily and repeatedly shoot yourself in the foot are a Bad Thing.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: