View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000083 | WackoWiki | core | public | 2007-09-19 22:19 | 2011-08-25 00:12 |
| Reporter | Tann San | Assigned To | |||
| Priority | normal | Severity | tweak | Reproducibility | N/A |
| Status | confirmed | Resolution | open | ||
| Target Version | 7.0.x | ||||
| Summary | 0000083: Use SQL Prepared Statements | ||||
| Description | For the PDO connection I had to use a custom string parser instead of the built in pdo::quote function as it kept breaking the wiki pages with it's double quoting of single quotes. It's non configurable and so I had to comment it out and write my own version. This problem could be avoided by using prepared statements. I'm not going to explain what they are since a google for "mysql prepared statement" will tell you everything you need to know. The gist is that they are good for us and we should be using them. The two downsides are: 1) The legacy MySQL driver doesn't support them afaik, please prove me wrong 2) It means re-writing ALOT of code, in fact almost every line that interacts with SQL will need rewriting. It's not hard work, it's just alot of work. | ||||
| Tags | No tags attached. | ||||
|
|
As long as the big providers do not offer PDO for MySQL in their shared hosting packages this should be a no go. |
|
|
well it depends on who you consider a big provider. since it comes with PHP5.1 and greater as default I don't see a problem with it. besides I left the legacy drivers in there anyhow. |
|
|
I read in the osCommerce forum that they use prepared statements with MySQL4. Ahhhh, I just had a google around and found that MySQL 4.1 and greater support prepared statements. This link describes it in more detail: http://www.mysqlperformanceblog.com/2006/08/02/mysql-prepared-statements/ What is the minimum MySQL database supported by Wacko? |
|
|
we need feedback from the users, will prepare an survey |
|
|
As soon as we get the 5.0 release out we can start using SQL Prepared Statements within the 6.0 branch and drop support for legacy drivers. Using only the PDO layer. http://bobby-tables.com/php.html |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2007-09-19 22:19 | Tann San | New Issue | |
| 2007-09-19 22:19 | Tann San | Legacy | => NEW |
| 2007-09-23 20:19 | administrator | Note Added: 0000102 | |
| 2007-09-24 09:30 | Tann San | Note Added: 0000104 | |
| 2007-10-04 09:30 | Tann San | Note Added: 0000125 | |
| 2007-10-04 16:15 | administrator | Note Added: 0000126 | |
| 2007-11-12 15:11 | administrator | Status | new => feedback |
| 2008-09-21 16:10 | Tann San | Target Version | => 7.0.x |
| 2010-03-08 10:12 | administrator | Category | Core => core |
| 2011-08-24 13:09 | administrator | Note Added: 0000807 | |
| 2011-08-24 13:09 | administrator | Status | feedback => confirmed |
| 2011-08-30 07:41 | administrator | Note Edited: 0000807 |
