Reputation: 2651
The server my website is hosted on cannot upgrade to a newer version of MySQL (version 5 something), and the hosting company has disabled (after I had created many) stored procedures due to a security issue.
DELIMITER ;;
CREATE DEFINER=`blahblahblah`@`xx.xx.xx.%` PROCEDURE `get_bindings_chart`(IN in_layout_id TINYINT(3), IN in_game_id SMALLINT(5))
BEGIN
SELECT b.normal_group, b.normal_action, b.shift_group, b.shift_action, b.ctrl_group, b.ctrl_action, b.alt_group, b.alt_action, b.altgr_group, b.altgr_action, b.extra_group, b.extra_action, b.image_file, b.key_number
FROM bindings as b
WHERE b.layout_id = in_layout_id
AND b.game_id = in_game_id;
END ;;
What alternatives to stored procedures can I utilize? My website is mostly PHP. Are PHP alternatives a security risk? Thanks.
Upvotes: 1
Views: 686
Reputation: 562250
No language is proof against security issues. Security issues are the developer's responsibility.
Another way of looking at it is that you can write insecure apps in any language (including MySQL stored procedures), and likewise you can write secure apps in any language.
With respect to writing secure SQL in PHP code, you should read:
These should help give you awareness of the most common security mistake in SQL programming.
I seldom use stored procedures in MySQL, not because they are insecure (they aren't, as I said, security is up to the developer), but because MySQL stored procedures are hard to write. There's no debugger, there's no package support, there's no compiler, and it's an awkward language to write code in. Any task I could use a stored procedure for, I could write more easily in a scripting language like PHP or Python or Ruby.
Upvotes: 2
Reputation: 128
As I can see, due to the hosting limitations, the only option is to convert these procedures to PHP functions. However, you probably won't have the same performance. You should consider moving to another hosting company.
Upvotes: 2
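The conversion the answers above describe, as an added example that is not code from the original posts: the question's `get_bindings_chart` procedure rewritten as a PHP function that uses a PDO prepared statement. The in-memory SQLite table, its rows and the sample input are constructed so the block runs offline; the function is the same when the `PDO` object is opened with a MySQL DSN.

```php
<?php
declare(strict_types=1);

// PHP replacement for the get_bindings_chart procedure: same query, same two
// parameters, bound as integers so the values never become part of the SQL text.
function get_bindings_chart(PDO $pdo, int $layoutId, int $gameId): array
{
    // Keep the bounds the procedure's TINYINT / SMALLINT parameters implied.
    if ($layoutId < -128 || $layoutId > 127 || $gameId < -32768 || $gameId > 32767) {
        throw new InvalidArgumentException('layout_id or game_id out of range');
    }
    $stmt = $pdo->prepare(
        'SELECT b.normal_group, b.normal_action, b.shift_group, b.shift_action,
                b.ctrl_group, b.ctrl_action, b.alt_group, b.alt_action,
                b.altgr_group, b.altgr_action, b.extra_group, b.extra_action,
                b.image_file, b.key_number
           FROM bindings AS b
          WHERE b.layout_id = :layout_id
            AND b.game_id = :game_id'
    );
    $stmt->bindValue(':layout_id', $layoutId, PDO::PARAM_INT);
    $stmt->bindValue(':game_id', $gameId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data: an in-memory SQLite table stands in for the MySQL
// bindings table (assumption: only the columns the procedure reads are needed).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE bindings (layout_id, game_id, normal_group, normal_action,
    shift_group, shift_action, ctrl_group, ctrl_action, alt_group, alt_action,
    altgr_group, altgr_action, extra_group, extra_action, image_file, key_number)');
$pdo->exec("INSERT INTO bindings (layout_id, game_id, normal_action, key_number)
            VALUES (1, 42, 'Jump', 57), (2, 42, 'Crouch', 29)");

$rows = get_bindings_chart($pdo, 1, 42);
echo count($rows) . ' row(s); first action: ' . $rows[0]['normal_action'] . PHP_EOL;

// Request input arrives as strings: validate it to an integer before the call.
// Anything that is not a plain integer is rejected here, before any SQL runs.
$raw = '7; extra text';   // constructed non-numeric input
$layout = filter_var($raw, FILTER_VALIDATE_INT);
echo ($layout === false ? 'rejected before any SQL ran' : 'accepted') . PHP_EOL;
```

With a MySQL connection, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes PDO use server-side prepared statements instead of building the query string in the client.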