Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
The last PHP wrapper for MySQL you'll ever need (github.com/dionyziz)
2 points by gtklocker on Nov 25, 2011 | hide | past | favorite | 4 comments


https://github.com/indyarmy/MDW

This has the limitation of not being able to chain queries via OOP, but does use PDO and is tested enough to be considered stable.


Ok.. constructive criticism here... not trolling...

A) Not a class. Who writes non-oop PHP anymore? B) Globals. Seriously? What if I need 2 connections in a page load? This won't work. C) Use PDO.

I see the value of the exercise, and I applaude you for it, but PDO has TRILLIONS of sql queries under its belt.

You should use PDO.


One non-obvious benefit of PDO is that it lets you separate data from the query, making it much more secure to SQL injection attacks.

Also, as a rule, never put SQL in the page you're rendering... you want it in another class, away from your code so that you only have to write it once if it's used in numerous places.


Couple other issues with this, which make it not very useful... for one thing, SELECT * is notoriously slow compared with selecting just the columns you want, and your select wrapper doesn't allow for joins which makes it less robust. Plus there's no way this can handle subqueries or anything like that obviously, so it's not really uh, useful.

More critically, you're using a lot of addslashes, which is not a safe way to escape input. You need to use mysql_real_escape_string or you're open to injection attacks.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: