2014-02-16, 07:36 PM
In inc/db_mysql.php i still see mysql_connect() syntax like mysql_fetch_array() in there. Is there a way to check if Mybb is using my servers PDO module, and not old mysql ?
(2014-02-16, 08:04 PM)Euan T Wrote: [ -> ]MyBB's core database classes don't use PDO unfortunately. You should use the MySQLi database adapter (using mysqli_* functions) though as it's at least not deprecated (unlike the mysql_* functions).
(2014-02-16, 08:20 PM)KLOX94 Wrote: [ -> ]Why dont Mybb use PDO.It was simply not available when MyBB 1.x was initially developed. There is actually no real reason to switch from mysqli to PDO as it is still maintained and recommend by PHP team: http://www.php.net/manual/en/mysqlinfo.api.choosing.php
(2014-02-16, 08:20 PM)KLOX94 Wrote: [ -> ]Is that just there for fun ?It is used for SQLite.
(2014-02-16, 08:20 PM)KLOX94 Wrote: [ -> ]Sounds like you might be able to get it to work with some core edits then.(2014-02-16, 08:04 PM)Euan T Wrote: [ -> ]MyBB's core database classes don't use PDO unfortunately. You should use the MySQLi database adapter (using mysqli_* functions) though as it's at least not deprecated (unlike the mysql_* functions).What ? Are you kidding? Why dont Mybb use PDO. I see inc/db_pdo.php there. Is that just there for fun ?
require_once MYBB_ROOT."inc/db_".$config['database']['type'].".php";
switch($config['database']['type'])
{
case "sqlite":
$db = new DB_SQLite;
break;
case "pgsql":
$db = new DB_PgSQL;
break;
case "mysqli":
$db = new DB_MySQLi;
break;
default:
$db = new DB_MySQL;
}
Just play around with this bit in inc/init.php and you might be able to get it to work. Or just wait for MyBB to make the changes eventually.(2014-02-16, 09:06 PM)KLOX94 Wrote: [ -> ]Any idiot can play around with sql queries now via url modification. When will Mybb ever get up to date with the times!
(2014-02-16, 09:09 PM)Nathan Malcolm Wrote: [ -> ](2014-02-16, 09:06 PM)KLOX94 Wrote: [ -> ]Any idiot can play around with sql queries now via url modification. When will Mybb ever get up to date with the times!
Only if you're a sloppy developer. If you don't escape your inputs then yes, people can modify your queries.