Inherited code uses Pear's MDB2 - Safe to keep?


I've just been given a huge PHP website that uses Pear's MDB2 for all its MySQL commands (but apparently doesn't use Pear for anything else -- at least not that I can see).

The hundreds of webpages I've been given are littered with code like this:

<body>
<h1>Admin</h1>
<?php
// Deal with accreditations
$CountAccreds = $mdb2->queryOne("SELECT COUNT(*) FROM enquiries WHERE Disputed = 1");
if ($CountAccreds > 0)
{
    echo "<blockquote><p><span style='color:red'>Disputed Enquiries</span> - There are currently $CountAccreds disputed enquiries requiring attention.";
    echo "</p></blockquote>";
}
//
?>
...

(shudders)

There's no separation. No classes. No functions/methods. This all looks like very bad practice to me as it is -- especially for such a complicated site as this one -- but I'm not sure how bad practice the Pear usage is.

On top of that, from what research I've done, it appears to me that a) MDB2 is considered out of date and b) given that this website does not need to be portable in any way, in this situation it's pointless. (PDO probably more secure to boot?)

Is there any good reason not to strip MDB2 out of this project that I haven't thought of? Or, if I'm not going to refactor the code, and pull everything into classes and/or functions using PDO, should I leave it as it is?

In other words: How dangerous/bad practice is it to leave the MDB2 use in place?

1 answer

cweiske (best answer)

It's code that works. Leave it as it is.

There are no known security problems with MDB2, so it is not dangerous to have it.

Also, MDB2 is just a DB abstraction layer like PDO (it actually provides some more abstraction than PDO). Don't confuse the library with its usage.
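
The answer's point about library versus usage, shown as an added example that is not part of the original question or answer: one PDO connection queried two ways, using the `enquiries` table and `Disputed` column from the question's snippet. The in-memory SQLite database, its rows, the function names and the input values are constructed for illustration, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example, not code from the site in the question.
// Assumes PHP with the pdo_sqlite extension; the table contents are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE enquiries (id INTEGER PRIMARY KEY, Disputed INTEGER NOT NULL)');
$db->exec('INSERT INTO enquiries (Disputed) VALUES (1), (0), (0)');

// Usage A: the value is pasted into the SQL text, so the database parses it as SQL.
function countConcatenated(PDO $db, string $disputed): int
{
    $sql = "SELECT COUNT(*) FROM enquiries WHERE Disputed = $disputed";
    return (int) $db->query($sql)->fetchColumn();
}

// Usage B: the SQL text is fixed and the value travels separately as data.
// MDB2 offers the same pattern through its own prepare()/execute() methods.
function countBound(PDO $db, string $disputed): int
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM enquiries WHERE Disputed = ?');
    $stmt->execute([$disputed]);
    return (int) $stmt->fetchColumn();
}

// Constructed request values: an ordinary one and one that carries SQL syntax.
foreach (['1', '0 OR 1=1'] as $input) {
    printf(
        "input %-12s concatenated=%d bound=%d\n",
        var_export($input, true),
        countConcatenated($db, $input),
        countBound($db, $input)
    );
}
```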