mySQL: PHP or direct access?

Peter Haworth pete at
Thu Aug 13 23:44:10 CEST 2015

I agree that SQL doesn't have much in the way of data sanitizing, but
LiveCode does. I also agree that there must be a good reason why most of
the world uses server side scripting; just trying to understand exactly
what that is.

I've been under the impression that if I use the variableslist parameter
available with the revDatabasexxx calls, I'm protected from SQL injection
attacks.  Even more so if I open the database connection using SSL. The
proverbial lightbulb will start to come on if that impression is wrong!

On Thu, Aug 13, 2015 at 2:27 PM Richard Gaskin <ambassador at>

> Peter Haworth wrote:
> > It still seems to me that, once security matters are dealt with, the
> > choice of server side script versus direct connection is more a matter
> > of preferred application architecture more than anything else.
> Ah, but there's the rub, "once security matters are dealt with".
> Correct me if I'm wrong, but as a storage-specific language I don't
> believe SQL offers as much for sanitizing as PHP, Ruby, LiveCode, and
> other more general languages.
> I think there's a good reason most of the world protects their DBs from
> open exposure to the Internet via an intermediary scripting language,
> more than just for the convenience of making REST APIs.
> --
>   Richard Gaskin
>   Fourth World Systems
>   Software Design and Development for the Desktop, Mobile, and the Web
>   ____________________________________________________________________
>   Ambassador at      