Welcome to Open Discussion
Have at it, mates!
2 quick comments on the current tree
1. everything looks good so far.
2. Perhaps we should look into using the DB package for the database access.
http://pear.php.net/manual/en/package.database.php
It provides both backend DB abstraction (allowing it to support more than just MySQL) and SQL parameters. This gives cleaner code and allows you to skip the mysql_string_escape, which, if you're not very careful to use it every time you build a SQL string, can cause a SQL injection vulnerability.
I'll write up a patch for the current codebase that uses DB if you think it's a good way to go.
Yeah, the example from which I derived the 'remember me' code used Pear, and that was my first introduction to it. I'd like to use it because it's more OO in nature, which is always a good thing, if you ask me.
Actually, I have no idea what the performance hit is for classes in PHP. In C++ it can be terrible or negligible, depending on how careful you are...
I'm pretty sure Sourceforge uses PHP classes for a lot of its stuff. gforge does, and they are pretty much the same codebase. So they can't be that bad, considering how high-hit sourceforge is.
I've been looking at PEAR for a bit now.
It seems moderately useful. I think the best thing about it is that it will abstract out different databases. Using prepare() and execute() does seem to remove the quote() requirement, which is nice - the examples I'd seen before all use query(), which requires a quote() first anyway.
I'm not, however, impressed with DB_Dataobject, in particular the Schema file and auto generation stuff, which is too bad. I could really be missing something, though, since I've only been studying it for an hour or so.
Forgot to add:
Yeah, if you'd like to patch that up, it'd be great. That'd be one more thing in the project that's OOP - a step in the right direction.
Meanwhile, I'm going to do a bit of cleanup on the two forms and try to figure out how to present $_SESSION variables to different parts of the application.
Just noticed a problem on the register page: on line 61, there's a hidden input box for the site admin field. With that there, anyone could make themselves a site admin. We should probably change the register page so that if autofirst is on, it will just create the first person as admin on the insert.
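The two points raised in this thread (PEAR DB prepare()/execute() in place of hand-escaped SQL strings, and deciding the admin flag on the insert instead of reading it from a hidden form field) fit in one registration routine. The code below is an added example, not code from the project or from anyone in the thread; the table and column names, the DSN, the $autofirst switch and the use of password_hash() for storage are assumptions.

```php
<?php
// Added example: PEAR DB placeholders plus a server-side admin decision.
// Table "users" with columns username, password, is_admin, the DSN and
// the $autofirst switch are assumed, not taken from the project.
require_once 'DB.php';

$dsn = 'mysql://user:pass@localhost/appdb';   // assumed DSN
$autofirst = true;                             // assumed config switch

$db = DB::connect($dsn);
if (DB::isError($db)) {
    die($db->getMessage());
}
$db->setFetchMode(DB_FETCHMODE_ASSOC);

// Before: SQL built from the raw POST value. Safe only if every such
// string remembers its escape call, which is the trap the thread describes.
// $sql = "INSERT INTO users (username) VALUES ('" . $_POST['username'] . "')";
// $db->query($sql);

function registerUser($db, $username, $password, $autofirst)
{
    // The admin flag is decided here, from the database state, so whatever
    // the form posts for "admin" is simply never read.
    $count = $db->getOne('SELECT COUNT(*) FROM users');
    if (DB::isError($count)) {
        return $count;
    }
    $isAdmin = ($autofirst && (int) $count === 0) ? 1 : 0;

    // Placeholders: the values travel separately from the SQL text, so no
    // quote() or escape call is needed and a stray quote cannot alter the query.
    $sth = $db->prepare(
        'INSERT INTO users (username, password, is_admin) VALUES (?, ?, ?)'
    );
    if (DB::isError($sth)) {
        return $sth;
    }
    $hash = password_hash($password, PASSWORD_DEFAULT); // assumed storage format
    return $db->execute($sth, array($username, $hash, $isAdmin));
}

$result = registerUser($db, $_POST['username'], $_POST['password'], $autofirst);
if (DB::isError($result)) {
    echo 'Registration failed: ' . $result->getMessage();
} else {
    echo 'Registered.';
}
```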
Ah, I love having another set of eyes on code. Thanks!
Smythe