TalkPHP
 
 
01-13-2008, 05:46 PM   #1
TlcAndres
Review my DB class

I wrote a class to handle multiple databases (it currently handles mysql, mssql, sqlite) and I'd like your opinion on what can be done to improve it and such, it's very simplistic as far as database abstraction classes go.


Some examples of its use

PHP Code:

<?php

$db = new DB_handle('/home/users/www/scripts/', 'mysql', 'root', '', 'test');

//returns a record class
$row = $db->Execute('select * from `table`');
echo $row->fields['name'];

//returns the very first result
echo $db->GetOne('select * from `table`');

//returns the very first row
$row = $db->GetRow('select * from `table`');
echo $row->fields['name'];

Note -- I also added a secure sql feature called ParseSql()

PHP Code:

$db = new DB_handle('/home/users/www/scripts/', 'mysql', 'root', '', 'test');

$r = $db->ParseSql('select `email` where `id`=\'%b\'', $_GET['id']);

$email = $db->GetOne($r);

Attached Files
File Type: zip dbabs.zip (3.6 KB, 24 views)

Last edited by TlcAndres : 01-13-2008 at 07:14 PM.

01-14-2008, 02:34 AM   #2
cherries

You just wasted a bunch of time: mysqli.

01-14-2008, 02:39 AM   #3
RobertK

Quote:
Originally Posted by cherries
You just wasted a bunch of time: mysqli.

Beg pardon? Since when could mysqli do:

Quote:
(it currently handles mysql, mssql, sqlite)

Last I knew, mysqli only covered, well, mysql. No need to be a jerk for how you tell someone "mysqli already exists".
__________________
Programmers are in a race with the Universe to create bigger and better idiot-proof programs, while the Universe is trying to create bigger and better idiots. So far the Universe is winning. - Rich Cook

01-14-2008, 10:23 PM   #4
RobertK

Sorry for the double post.

After finally taking the time to peruse your code Andres, I must say I like your method. Our style and implementation differ, but we think similarly. Good work on abstracting your database code away from the drudgery of repetition.

One thing I noticed is the difference in $myDb->mssql_escape() functions. Why not have an abstract function in the parent class and override that per child class? Just one call to escape for the object, regardless of internal type. No need to have independently named escape functions.

And MySQLi isn't nearly present enough in modern servers. My server with MySQL 5.0.45 and PHP 5.2.5 doesn't have it, and it's no guarantee anyone else does too. Never assume, always prepare for the worst.

01-14-2008, 10:38 PM   #5
TlcAndres

Thank you, I plan to add more database support later on.

The reason I added the mssql was because of the lack of an escape_string() or escape_real_string() function in php (at least...when I looked for it, and it's probably not a very good replacement at that..but it's better than nothing), it was supposed to be used only internally (maybe I forgot to set it to private).

01-14-2008, 10:57 PM   #6
RobertK

I was also talking about delegating escaping the data to the classes themselves. That way no matter which version you've got, just call the escape function to have the database specific escape function(s) applied.

Good work on your part to write an mssql escape function. It's bad form for them not to have one.

01-16-2008, 10:21 PM   #7
TlcAndres
Updated with new goodies

Sorry if it's annoying asking to go through my classes but I like feedback to further myself as a programmer, anywho...

The class handles MySQL, MSSQL, SQLite, PostgreSQL, Ibase, and has a generic ODBC driver

(please note, the classes don't delve into any of the special functions provided by each of the databases, the class is only meant to retrieve data in an easy to use format)


created an escapestring function which works generically on everything...the bugginess and obtrusiveness of it has not been heavily tested so any feedback is more than welcome..

PHP Code:
//example of it
$db->escapeString($_GET['thingy']);

added a SqlEParse function which works something like sprintf or sprintsql(<-- my own function), it works basically like sprintf but it escapes every replacement character

PHP Code:
//example of it
$db->SqlEParse('some %s random %s', "stuf'f -- here is", "w'oot");

added a sprintsql function which acts like sprintf but in tandem with a callback it takes the callback and acts upon all the strings which are not the sql statement or the callback itself

PHP Code:
//example of it
$db->sprintsql('some %s stuff, %s', "ra'ndom", "here'", 'addslashes');

Beyond that all the variables and such have been abstracted to the VariableScope class (new) so that they may be easily accessed by all three classes (DB_handle, Record, DB driver)

It probably has a load of bugs and I'd be very grateful to anyone who is willing to test it out as well

Also the speed or lack thereof is of concern to me so if it's slow for anyone, that feedback is also appreciated

(P.S. Salathe, you're more than welcome to take a go at my code, or anyone else who feels like it too...Constructive criticism is awesome)
Attached Files
File Type: rar dbabs.rar (6.8 KB, 18 views)
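
An added example, not code from the attached dbabs archives or from any poster in this thread: it puts the per-driver escape() override suggested in posts #4 and #6 next to a generic addslashes-style escape like the callback in post #7, and runs both against SQLite with the two strings from the SqlEParse example. The class names, the `notes` table and the in-memory PDO SQLite database are assumptions made for the illustration (requires the pdo_sqlite extension).

```php
<?php
// Added example: hypothetical class names, not taken from dbabs.zip / dbabs.rar.
abstract class Driver {
    // Each driver supplies the quoting rule of its own SQL dialect.
    abstract public function escape(string $value): string;
}

class GenericDriver extends Driver {
    // Backslash escaping only helps in dialects that treat "\" as an escape character.
    public function escape(string $value): string { return addslashes($value); }
}

class SqliteDriver extends Driver {
    // SQLite escapes a single quote inside a literal by doubling it.
    public function escape(string $value): string { return str_replace("'", "''", $value); }
}

// Build a string literal with the given driver, run it, and report what happened.
function roundTrip(PDO $pdo, Driver $driver, string $value): string {
    $sql = "INSERT INTO notes (body) VALUES ('" . $driver->escape($value) . "')";
    try {
        $pdo->exec('DELETE FROM notes');
        $pdo->exec($sql);
        return 'stored:   ' . $pdo->query('SELECT body FROM notes')->fetchColumn();
    } catch (PDOException $e) {
        return 'rejected: ' . $sql;   // the quote still terminated the literal
    }
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (body TEXT)');

// Inputs reused from the SqlEParse example in post #7.
foreach (["stuf'f -- here is", "w'oot"] as $input) {
    echo roundTrip($pdo, new GenericDriver(), $input), "\n";
    echo roundTrip($pdo, new SqliteDriver(), $input), "\n";

    // Bound parameter: the value never becomes part of the SQL text,
    // so no dialect-specific escape function is needed at all.
    $pdo->exec('DELETE FROM notes');
    $stmt = $pdo->prepare('INSERT INTO notes (body) VALUES (?)');
    $stmt->execute([$input]);
    $stored = $pdo->query('SELECT body FROM notes')->fetchColumn();
    echo 'bound:    ', ($stored === $input ? 'round-trips intact' : 'MISMATCH'), "\n";
}
```

The generic escape leaves the quote active in SQLite because the backslash is stored as an ordinary character there, which is why one escape routine cannot serve every backend; the bound-parameter form sidesteps the question on any driver that supports prepared statements.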