Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Since you need to support versions of PHP that don't support the extensions that have parameterized queries.


Except… you don't?

> WordPress also works with PHP 5.2.4+ and MySQL 5.0+, but these versions have reached official End Of Life and as such may expose your site to security vulnerabilities

> PDO ships with PHP 5.1, and is available as a PECL extension for PHP 5.0

Unless you mean "hosts that disabled PDO"… I think they can safely be ignored.


PDO is disabled by default, and was even on default installs of 5.6 last I checked.


Most Linux/BSD distributions seem to separate out "core" PHP extensions (those that are distributed with php source, not via peel) into individual packages.

So while PDO may not be installed by a plain `apt-get install php5` or similar, I doubt the now deprecated `mysql` extension is installed by "default" in those scenarios either.

Edit: this approach also means that the PDO extension in php.ini will be commented, because its loaded by a package specific ini file e.g. /etc/php/7.0/fpm/conf.d/* which are generally symlinks to /etc/php/7.0/mods-available/


Yeah — 'mysql' wouldn't be installed either on FreeBSD if you just install php. So typically hosting providers install all the extensions.


What "default"? Compiled from source? Debian package?

Just checked, seems enabled by default on FreeBSD.

(Commented out in php.ini doesn't mean disabled — here it's enabled in separate files like /usr/local/etc/php/ext-30-pdo_mysql.ini)

MODX Revolution uses PDO exclusively, never had problems with it on any hosting service.


I don't really understand your point. WordPress is ubiquitous. Until today I've never heard of MODX Revolution.

Commented out in php.ini does mean disabled - as in not enabled. PDO isn't enabled by default in FreeBSD you still need to install a separate package for PDO.


His/Her point was that if someone is still using shared hosting (where they can't change the extensions available) it would be very rare to find one that doesn't have PDO enabled.

> Commented out in php.ini does mean disabled - as in not enabled.

Not necessarily, as I explained here: https://news.ycombinator.com/item?id=13761550


Which version of PHP does WordPress support that doesn't support parameterised queries?

Here's a hint: Wordpress since v3.3 needs PHP 5.2+. MySQLi was added in PHP 5.0, PDO in 5.1

WordPress v3.3 was released in 2011.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: