July 19th, 2013, 05:49 AM
July 19th, 2013, 07:31 AM
I think the biggest issue is the lack of security. The values for the WHERE clause are passed to bound parameters, but all other input is just dumped directly into the query string. This makes all identifiers and the LIMIT clause vulnerable to SQL injections. The wrapper also uses fake prepared statements and doesn't let the user specify the character encoding. This is a massive security risk.
Apart from that:
Since your code is basically just an extension of the original class, you should actually extend this class rather than modifying the source. This way the original class can be updated at any time without you going through your code and adding the changes manually.
You have a lot of duplicate code, because you copied and pasted the logic for WHERE, ORDER BY, GROUP BY into every method that needs it. That obviously bloats the code unnecessarily and makes it hard to maintain. Define the logic once (in a private method) and then reuse it. That's the whole purpose of object orientation.
In general, I don't really see the benefit of this class compared to mainstream libraries like Doctrine, which are much more mature and convenient.
Just compare this:
->select(array('id', 'name', 'email'))
->where('id = 1')
->andWhere('name LIKE "bob%"')
->andWhere('email LIKE "%3%"')
array("id", "name", "email"),
array("id" => 1, "name" => "bob%", "email" => "%3%"),
array(">", "LIKE", "LIKE"),
array('id' => '')
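As an added example (not code from the thread or from the reviewed wrapper), a minimal PHP select() in the shape of the comparison above that addresses the three problems Jacques1 lists: identifiers and LIMIT spliced into the SQL string, emulated prepared statements, and no connection charset. The DSN, credentials, table and column whitelists are assumptions for illustration.

```php
<?php
// 1. Native (not emulated) prepared statements and an explicit connection charset.
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_EMULATE_PREPARES => false,
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
]);

// 2. Identifiers cannot be bound as parameters, so each one is checked against a
//    whitelist of known names and then backtick-quoted; anything else is rejected
//    instead of being concatenated into the query.
function quoteIdentifier(string $name, array $allowed): string {
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException("Unknown identifier: $name");
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

// 3. LIMIT is cast to int and bound with PDO::PARAM_INT (LIMIT rejects a quoted
//    string, so the explicit type matters). Every WHERE value is a bound parameter
//    and the operator is taken from a fixed list.
function select(PDO $pdo, string $table, array $columns, array $where, int $limit): array {
    $allowedTables  = ['users'];                   // assumption: the app's tables
    $allowedColumns = ['id', 'name', 'email'];     // assumption: the app's columns
    $allowedOps     = ['=', '<', '>', 'LIKE'];

    $cols   = implode(', ', array_map(fn($c) => quoteIdentifier($c, $allowedColumns), $columns));
    $conds  = [];
    $params = [];
    foreach ($where as $i => [$col, $op, $value]) {
        if (!in_array($op, $allowedOps, true)) {
            throw new InvalidArgumentException("Unsupported operator: $op");
        }
        $conds[]        = quoteIdentifier($col, $allowedColumns) . " $op :p$i";
        $params[":p$i"] = $value;
    }
    $sql = 'SELECT ' . $cols . ' FROM ' . quoteIdentifier($table, $allowedTables)
         . ($conds ? ' WHERE ' . implode(' AND ', $conds) : '') . ' LIMIT :limit';

    $stmt = $pdo->prepare($sql);
    foreach ($params as $k => $v) {
        $stmt->bindValue($k, $v);
    }
    $stmt->bindValue(':limit', max(0, $limit), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The same query as the thread's comparison, with every non-value part validated.
$rows = select($pdo, 'users', ['id', 'name', 'email'],
    [['id', '=', 1], ['name', 'LIKE', 'bob%'], ['email', 'LIKE', '%3%']], 10);
```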
July 19th, 2013, 08:55 AM
Okay. Thanks for the feedback...
Originally Posted by Jacques1
I'll be having a look at doctrine.
Btw, do you think it'll be a good idea to use another ORM like Laravel's Eloquent if not Doctrine?
Waiting for your reply.
Thanks for reading, analysing and suggesting.
July 19th, 2013, 09:33 AM
Sure! Use whatever you like best.
Originally Posted by The Alchemist