Question
I've just been given a huge PHP website that uses Pear's MDB2 for all its MySQL commands (but apparently doesn't use Pear for anything else -- at least not that I can see).
The hundreds of webpages I've been given are littered with code like this:
https://stackoverflow.com/questions/20330498
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian<body>
<h1>Admin</h1>
<?php
// Deal with acceditations
$CountAccreds = $mdb2->queryOne("SELECT COUNT(*) FROM enquiries WHERE Disputed = 1");
if($CountAccreds > 0)
{
echo "<blockquote><p><span style='color:red'>Disputed Enquiries</span> - There are currently $CountAccreds disputed enquiries requiring attention.";
echo "</blockquote>";
}
//
?>
...
(shudders)
There's no separation. No classes. No functions/methods. This all looks like very bad practice to me as it is -- especially for such a complicated site as this one -- but I'm not sure how bad practice the Pear usage is
On top of that, from what research I've done, it appears to me that a) MDB2 is considered out of date and b) Given that this website does not need to be portable in any way, in this situation it's pointless. (PDO probably more secure to boot?)
Is there any good reason not to strip MDB2 out of this project that I haven't thought of? Or, if I'm not going to refactor the code, and pull everything into classes and/or functions using PDO, should I leave it as it is?
In other words: How dangerous/bad practice is it to leave the MDB2 use in place?
Solution
It's code that works. Leave it as it is.
There are no known security problems with MDB2, so it is not dangerous to have it.
Also, MDB2 ist just a DB abstraction layer like PDO (it actually provides some more abstraction than PDO). Don't confuse the library with its usage.
