Results 1 to 3 of 3

Thread: SQL's advantages over text files

  1. February 19th, 2006, 03:49 AM #1
    J_K9
    J_K9 is offline
    Senior Member
    Join Date
    Jul 2004
    Posts
    548

    SQL's advantages over text files

    I was just wondering how an SQL database provides advantages over a text file when being handled by PHP, when the text file is laid out similar to a CSV. For example, I could have a table like the following:
    Code:
    Name | Email
Joe | joe@joe.com
Ben | ben@ben.com
Kim | kim@kim.com
    This would be fine as a table in a database, but couldn't this just be in a text file using the | as separators? This wouldn't automatically rule out security issues like SQL injection and the like, while still providing a medium from which data can be read (and fairly easily).

    Admittedly, looking through a text file with data like the stuff above would be hell, whereas a database would be much more pleasant and easy to read - but, there is one method of attack less to try to defend.

    PHP can write to databases, but writing to a text file on certain lines and cells would be impossible, so in a writing case SQL takes first place. But if it's only reading data to sort into a nice viewable format, surely a plain text file with a set separator would do nicely?

    Just wanted to hear your opinions on this.

    Cheers,

    -jk
    Reply With Quote Reply With Quote
  2. February 19th, 2006, 05:50 AM #2
    Soda_Popinsky
    Soda_Popinsky is offline
    Join Date
    Nov 2003
    Posts
    1,426
    You can't query a text file quickly. Read about indexing:
    http://en.wikipedia.org/wiki/Database#Indexing

    Security isn't about cutting functionality, is about securing required functionality. I would accept the risk of attacks like SQL injection for the benefits of a DBMS.

    Is having a webserver on an ecommerce website a risk? If so, would you restrict access to port 80?
    Reply With Quote Reply With Quote
  3. February 19th, 2006, 12:35 PM #3
    J_K9
    J_K9 is offline
    Senior Member
    Join Date
    Jul 2004
    Posts
    548
    Originally posted here by Soda_Popinsky
    You can't query a text file quickly. Read about indexing:
    http://en.wikipedia.org/wiki/Database#Indexing

    Security isn't about cutting functionality, is about securing required functionality. I would accept the risk of attacks like SQL injection for the benefits of a DBMS.

    Is having a webserver on an ecommerce website a risk? If so, would you restrict access to port 80?
    Point taken and accepted. Up to now I've never really had any experience with databases (and I'm still learning PHP), so I wanted to minimise risks. But, security by losing functionality isn't the way to go (as you said) - and a text file being used as a database would be a nightmare

    Do you know any good SQL injection articles I could read, and in particular how to secure against them? I already found some info in SANS' reading room and in the PHLAK documentation, but I want to get more informed before I start using SQL. Google also provided some nice articles, but recommendations are welcome

    Thanks,

    -jk
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules