Actually, Lukas Smith(MDB2 creator) contributed a patch that replaces the Pear::DB code with MDB2, which I believe has all the features of ADODB and more. I believe Thomas has asked for someone to completely get rid of the rcube_db layer, and directly use MDB2 calls instead, so if you're familiar with the DB code perhaps you could try that?
-- Praneet Kandula
On 10/16/05, garaged garaged@gmail.com wrote:
On Fri, 14 Oct 2005 10:34:14 -0500, garaged garaged@gmail.com wrote:
The postgress support (using pear) may be important, but doesnt make sense to port DB interaction to adodb ?? is there any reason for not using it and use pear libraries
I don't think there's any reason to switch now that it's in place. They are both capable packages.
I think ADODB it's a better tool, but thats just me, the main parameter for me it's adodb's cross plataform design, I know pear can be uses similar. I could make the porting and most parts would be almost as they are, and the logic would be practically the same too.
Then code like this (parameters indented for clarity):
$sql_result = $DB->query(sprintf("SELECT cache_id, data FROM %s WHERE user_id=%d AND cache_key='%s'", get_table_name('cache'), $_SESSION['user_id'], $key ) );
could be changed to this:
$sql_result = $DB->query(sprintf("SELECT cache_id, data FROM %s WHERE user_id=? AND cache_key=?", get_table_name('cache') ), array($_SESSION['user_id'], $key) );
Thoughts?
Not only attackable, but slower too, I think sprinf is still slower than echo, but that can be tested for modern versions of PHP.
Separating queries from the actual execution is cleaner and easier to debug too, but again is my opinion.
Max
-- -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GS/S d- s: a-29 C++(+++) ULAHI+++ P+ L++>+++ E--- W++ N* o-- K- w++++ O- M-- V-- PS+ PE Y-- PGP++ t- 5- X+ R tv++ b+ DI+++ D- G++ e++ h+ r+ z** ------END GEEK CODE BLOCK------