Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
DB_escape_string
03-21-2014, 01:08 PM, (This post was last modified: 03-21-2014, 01:09 PM by icedlava.)
#39
RE: DB_escape_string
Hi serakfalcon,

Thanks for your comments.
Quote:You notice I have completely different code for the switch(gettype($val)) -> this is because gettype() returns a php type, so it will never return 'blob' for example, and will cause problems if a boolean is passed as a value.
There are some differences in your code for the switch. The switch I have is meant to gettype - that is the sole function there. Not processing different types of data for the database. That should be imho, done elsewhere and as per my comment on the example AddCustomerContact code, it would be good practice to ensure the bind vars are typed before you pass them.

Some comment on the getype switch:

1. Array/object- I would question why we would try to store an array into a single field in a database table. Similarly I know it has become in some people's mind, general practice to store a serialized/json_encoded object to a single field. There are pros and cons to using json_encode or serialize especially with regard to preserving type.

Whether to use one or other should be thought out - and depends on a number of factors including the database field type it's being saved to, php version, nesting levels in array, encodings, fidelity in 'type' of data that needs to be retained on getting data out, processing required on the data field and any ensuing performance issues, and so on. That is why I would not have the actual typing done for these arrays/objects in this DB_bindquery function which should be dumb in terms of what functioning the data coming in should do. Rather, I would leave it to the function handling the data to process it properly as required, and then pass it to the DB_bindquery function in properly typed bind var array.

2. Boolean - agree on your check for this. However, for the same reasoning above, I would hope the function passing in the data had already processed it accordingly (either directly or via some other function/api) and passed it to the DB_bindquery function.

Having the checks there for the above caters for loose coding, but I'd prefer we pick it up with an error and correct it at source.

(03-20-2014, 11:48 PM)serakfalcon Wrote: the $SQLArray = explode(' ', $query), while it is in the existing code, is brittle, for example, if there is a space before the statement it will cause the audit trail to not work on that SQL statement,
Yes, audit and error code is not my code. I believe generally the whole audit function in webERP could be revised to provide more functionality. I have already some changes here in private branches referred to elsewhere.

Quote:Of course, since I use ReflectionMethod the code is strictly PHP 5.3+ but i find it more clear and less likely to cause weird problems than call_user_func_array(),
You mean probs related to pass by ref or values? It is stricter than call_user_func_array but we are still coding for php < php 5.3. Thus there is the extra function in the code I posted to handle some issues related to that and ensuring consistent var passing in php > 5.3 eg refValue().

Quote:If we're planning on rewriting all this code, we should also consider adding support for table prefixes,
Yes, I think that is a good idea. In fact was confused when i was working on the installer regarding the current 'prefix' used there - it doesn't seem to have any relative value doing what it does at the moment.

All in all, whatever decisions are made there is a bit of work to do Smile

Cheers,


Reply


Messages In This Thread
DB_escape_string - by icedlava - 03-06-2014, 05:42 PM
RE: DB_escape_string - by serakfalcon - 03-06-2014, 06:26 PM
RE: DB_escape_string - by Forums - 03-06-2014, 06:26 PM
RE: DB_escape_string - by icedlava - 03-09-2014, 10:19 PM
RE: DB_escape_string - by Forums - 03-10-2014, 04:44 AM
RE: DB_escape_string - by icedlava - 03-10-2014, 10:31 AM
RE: DB_escape_string - by serakfalcon - 03-10-2014, 04:16 PM
RE: DB_escape_string - by icedlava - 03-10-2014, 04:38 PM
RE: DB_escape_string - by serakfalcon - 03-06-2014, 06:27 PM
RE: DB_escape_string - by Forums - 03-10-2014, 06:56 PM
RE: DB_escape_string - by icedlava - 03-10-2014, 07:13 PM
RE: DB_escape_string - by Forums - 03-10-2014, 10:52 PM
RE: DB_escape_string - by Forums - 03-11-2014, 05:03 AM
RE: DB_escape_string - by serakfalcon - 03-11-2014, 01:26 PM
RE: DB_escape_string - by Forums - 03-11-2014, 05:43 PM
RE: DB_escape_string - by weberp - 03-14-2014, 08:25 PM
RE: DB_escape_string - by icedlava - 03-14-2014, 08:33 PM
RE: DB_escape_string - by weberp - 03-14-2014, 09:02 PM
RE: DB_escape_string - by phil - 03-12-2014, 02:59 PM
RE: DB_escape_string - by icedlava - 03-12-2014, 03:39 PM
RE: DB_escape_string - by Forums - 03-12-2014, 08:20 PM
RE: DB_escape_string - by serakfalcon - 03-12-2014, 09:01 PM
RE: DB_escape_string - by icedlava - 03-12-2014, 09:08 PM
RE: DB_escape_string - by serakfalcon - 03-13-2014, 12:39 AM
RE: DB_escape_string - by icedlava - 03-13-2014, 11:55 AM
RE: DB_escape_string - by phil - 03-13-2014, 12:49 PM
RE: DB_escape_string - by icedlava - 03-13-2014, 01:03 PM
RE: DB_escape_string - by phil - 03-13-2014, 05:27 PM
RE: DB_escape_string - by icedlava - 03-13-2014, 05:52 PM
RE: DB_escape_string - by phil - 03-13-2014, 06:01 PM
RE: DB_escape_string - by icedlava - 03-13-2014, 06:39 PM
RE: DB_escape_string - by weberp - 03-16-2014, 03:19 AM
RE: DB_escape_string - by serakfalcon - 03-20-2014, 08:31 PM
RE: DB_escape_string - by weberp1 - 03-21-2014, 12:04 AM
RE: DB_escape_string - by serakfalcon - 03-21-2014, 01:50 AM
RE: DB_escape_string - by icedlava - 03-20-2014, 10:29 PM
RE: DB_escape_string - by serakfalcon - 03-20-2014, 11:48 PM
RE: DB_escape_string - by icedlava - 03-21-2014, 11:04 AM
RE: DB_escape_string - by icedlava - 03-21-2014, 01:08 PM
RE: DB_escape_string - by serakfalcon - 03-21-2014, 04:51 PM
RE: DB_escape_string - by icedlava - 03-21-2014, 05:48 PM
RE: DB_escape_string - by serakfalcon - 03-21-2014, 06:54 PM
RE: DB_escape_string - by icedlava - 03-22-2014, 12:31 AM
RE: DB_escape_string - by serakfalcon - 03-22-2014, 12:55 AM
RE: DB_escape_string - by phil - 03-22-2014, 03:20 PM
RE: DB_escape_string - by serakfalcon - 03-22-2014, 04:28 PM
RE: DB_escape_string - by phil - 03-23-2014, 09:00 AM
RE: DB_escape_string - by Uhuru - 03-23-2014, 08:27 PM
RE: DB_escape_string - by icedlava - 03-26-2014, 03:22 AM
RE: DB_escape_string - by serakfalcon - 03-23-2014, 06:35 PM
RE: DB_escape_string - by Uhuru - 03-26-2014, 08:05 AM
RE: DB_escape_string - by icedlava - 03-26-2014, 12:51 PM
RE: DB_escape_string - by phil - 03-26-2014, 01:40 PM
RE: DB_escape_string - by icedlava - 03-26-2014, 01:57 PM
RE: DB_escape_string - by Uhuru - 03-26-2014, 05:30 PM
RE: DB_escape_string - by icedlava - 03-26-2014, 06:04 PM
RE: DB_escape_string - by serakfalcon - 03-26-2014, 06:20 PM
RE: DB_escape_string - by icedlava - 03-26-2014, 06:27 PM
RE: DB_escape_string - by Uhuru - 03-26-2014, 06:42 PM
RE: DB_escape_string - by icedlava - 03-26-2014, 06:46 PM
RE: DB_escape_string - by Uhuru - 03-26-2014, 06:34 PM
RE: DB_escape_string - by serakfalcon - 03-26-2014, 06:40 PM
RE: DB_escape_string - by icedlava - 03-26-2014, 06:41 PM
RE: DB_escape_string - by serakfalcon - 03-26-2014, 07:38 PM
RE: DB_escape_string - by icedlava - 03-26-2014, 08:01 PM
RE: DB_escape_string - by phil - 03-27-2014, 07:24 AM
RE: DB_escape_string - by icedlava - 03-27-2014, 11:56 AM
RE: DB_escape_string - by serakfalcon - 03-27-2014, 01:11 PM
RE: DB_escape_string - by icedlava - 03-27-2014, 01:39 PM
RE: DB_escape_string - by serakfalcon - 03-27-2014, 03:32 PM
RE: DB_escape_string - by icedlava - 03-27-2014, 03:38 PM
RE: DB_escape_string - by Exsonqu_Qu - 03-27-2014, 06:00 PM
RE: DB_escape_string - by Uhuru - 03-27-2014, 06:50 PM
RE: DB_escape_string - by Exsonqu_Qu - 03-28-2014, 12:26 PM
RE: DB_escape_string - by phil - 03-27-2014, 06:57 PM
RE: DB_escape_string - by icedlava - 03-27-2014, 09:06 PM
RE: DB_escape_string - by Uhuru - 03-27-2014, 09:14 PM
RE: DB_escape_string - by icedlava - 03-27-2014, 09:21 PM
RE: DB_escape_string - by Exsonqu_Qu - 03-28-2014, 12:44 PM
RE: DB_escape_string - by Uhuru - 03-27-2014, 10:48 PM
RE: DB_escape_string - by icedlava - 03-27-2014, 10:55 PM
RE: DB_escape_string - by Uhuru - 03-27-2014, 11:44 PM
RE: DB_escape_string - by icedlava - 03-27-2014, 11:55 PM
RE: DB_escape_string - by agaluski - 03-27-2014, 11:53 PM
RE: DB_escape_string - by serakfalcon - 03-28-2014, 01:31 PM
RE: DB_escape_string - by icedlava - 03-28-2014, 03:34 PM
RE: DB_escape_string - by Uhuru - 03-28-2014, 07:33 PM
RE: DB_escape_string - by phil - 03-28-2014, 08:05 PM
RE: DB_escape_string - by Uhuru - 03-31-2014, 04:27 PM
RE: DB_escape_string - by serakfalcon - 03-31-2014, 05:47 PM

Forum Jump:


Users browsing this thread: 2 Guest(s)