View Issue Details

IDProjectCategoryView StatusLast Update
0000083WackoWikicorepublic2011-08-25 00:12
ReporterTann San Assigned To 
Status confirmedResolutionopen 
Target Version7.0.x 
Summary0000083: Use SQL Prepared Statements
DescriptionFor the PDO connection I had to use a custom string parser instead of the built in pdo::quote function as it kept breaking the wiki pages with it's double quoting of single quotes. It's non configurable and so I had to comment it out and write my own version. This problem could be avoided by using prepared statements. I'm not going to explain what they are since a google for "mysql prepared statement" will tell you everything you need to know. The gist is that they are good for us and we should be using them. The two downsides are:

1) The legacy MySQL driver doesn't support them afaik, please prove me wrong
2) It means re-writing ALOT of code, in fact almost every line that interacts with SQL will need rewriting. It's not hard work, it's just alot of work.
TagsNo tags attached.



2007-09-23 20:19

administrator   ~0000102

As long as the big providers do not offer PDO for MySQL in their shared hosting packages this should be a no go.

Tann San

2007-09-24 09:30

manager   ~0000104

well it depends on who you consider a big provider. since it comes with PHP5.1 and greater as default I don't see a problem with it. besides I left the legacy drivers in there anyhow.

Tann San

2007-10-04 09:30

manager   ~0000125

I read in the osCommerce forum that they use prepared statements with MySQL4. Ahhhh, I just had a google around and found that MySQL 4.1 and greater support prepared statements. This link describes it in more detail:

What is the minimum MySQL database supported by Wacko?


2007-10-04 16:15

administrator   ~0000126

we need feedback from the users, will prepare an survey


2011-08-24 13:09

administrator   ~0000807

Last edited: 2011-08-30 07:41

As soon as we get the 5.0 release out we can start using SQL Prepared Statements within the 6.0 branch and drop support for legacy drivers. Using only the PDO layer.

Issue History

Date Modified Username Field Change
2007-09-19 22:19 Tann San New Issue
2007-09-19 22:19 Tann San Legacy => NEW
2007-09-23 20:19 administrator Note Added: 0000102
2007-09-24 09:30 Tann San Note Added: 0000104
2007-10-04 09:30 Tann San Note Added: 0000125
2007-10-04 16:15 administrator Note Added: 0000126
2007-11-12 15:11 administrator Status new => feedback
2008-09-21 16:10 Tann San Target Version => 7.0.x
2010-03-08 10:12 administrator Category Core => core
2011-08-24 13:09 administrator Note Added: 0000807
2011-08-24 13:09 administrator Status feedback => confirmed
2011-08-30 07:41 administrator Note Edited: 0000807