Jun 7 10

Using Prepared Statements With Kohana 3

by admin

I just discovered this tonight. (It wasn’t hard, I just had to RTFM).
In Kohana 3 you can query using prepared statements very easily. Prepared statements are important to protect against SQL injection attacks.

Below is a simple example:

$q = 'SELECT * FROM myTable WHERE id = :someId';
 
$results = DB::query(Database::SELECT,$q,TRUE)
                       ->param(':someId',$MyId)
                       ->execute();

  1. The first step here is to set a string in the query that is a placeholder for the value that will be passed in separately. In this case the placeholder is “:someId”.
  2. Next, when calling DB::query, the first argument must be the object that Kohana will use to hold the results. In this case that object is Database::SELECT.
  3. Then you pass in the information to the query using “->param(‘:someId’,$MyId)”. This says that the value for ‘:someId’ is $MyId.
  4. Finally you can execute the query.

For those of you who are familiar with Coldfusion this is exactly how cfqueryparam works behind the scenes; it creates placeholders and then passes the data in separately. Cfquery then returns a cfquery object just like how Kohana is returning a DB::SELECT object.
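
An added example, not from the original post: it uses plain PDO with an in-memory SQLite database rather than Kohana, so it runs without the framework (it assumes the pdo_sqlite extension is loaded). It contrasts building the query by string concatenation with binding the same :someId placeholder separately; the table rows, function names and input values are constructed for illustration.

```php
<?php
// Added example: plain PDO + in-memory SQLite, not Kohana's own API.
// Table contents are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE myTable (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO myTable (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Weak form: the caller's value becomes part of the SQL text itself,
// so any SQL syntax inside it is parsed as SQL.
function find_concatenated(PDO $pdo, $myId)
{
    $q = 'SELECT * FROM myTable WHERE id = ' . $myId;
    return $pdo->query($q)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is fixed and the value is passed separately
// through the :someId placeholder, so it is only ever compared as data.
function find_bound(PDO $pdo, $myId)
{
    $stmt = $pdo->prepare('SELECT * FROM myTable WHERE id = :someId');
    $stmt->bindValue(':someId', $myId, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an ordinary id, and a value that carries SQL syntax.
$inputs = array('2', '2 OR 1=1');

foreach ($inputs as $input) {
    printf(
        "input %-12s concatenated: %d row(s)   bound: %d row(s)\n",
        "'" . $input . "'",
        count(find_concatenated($pdo, $input)),
        count(find_bound($pdo, $input))
    );
}
```

For the second input the concatenated query's WHERE clause is rewritten by the value and matches every row, while the bound query compares id against the whole string and matches none.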

May 28 10

Last Day At Hasbro

by Pirate Gaspard

It was a tough decision, but I’ve taken a position at another company. Today was my last day at Hasbro. I’ve loved working here and will certainly miss everyone.

May 18 10

Coldfusion’s Evaluate()

by Pirate Gaspard

Today I was going through an application turned over by a contractor and I began noticing that evaluate() was used frequently throughout the code.

I thought by now we’d all know that using Coldfusion’s evaluate() function should be avoided. Evaluate() is a performance hit and is an indication of sloppy code. It may be possible that there are situations where it is unavoidable, but in my experience if you are considering using evaluate() to solve a problem it’s a red flag that there is a better solution if you just think a little longer.

Structures

evaluate() example:

<cfloop from="1" to="10" index="i" >
     <cfset blah = evaluate("myStruct.myKey#i#") />
</cfloop>

With Structures it is easy to avoid using evaluate() as you can dynamically create the struct key such as:

<cfloop from="1" to="10" index="i" >
     <cfset blah = myStruct["myKey" & i] />
</cfloop>

Queries

evaluate() example:

<cfset myfield = "blahblah" />
<cfloop query="q" >
     <cfset blah = evaluate("q.#myfield#") />
</cfloop>

Queries are not much different than structures. The trick is that you’ll need to explicitly define the current row. This is something that is normally implicit.

<cfset myfield = "blahblah" />
<cfloop query="q" >
     <cfset blah = q[myfield][q.currentrow] />
</cfloop>

Function Calls

<cfset myvar = "FirstName" />
<cfset blah = evaluate("get#myvar#()") />

Dynamically declaring function calls is a neat trick. The example code is a very (very) basic generic getter function, perhaps utilized within onMissingMethod(). Given any string it will try to call a getter function for that property. There is no other syntax to create this call. But using evaluate() should be a red flag. When you get into a situation such as this you should really ask yourself why you are organizing your code this way.

Perhaps you could forgo building a named function for each property and restructure your generic getter function to work like this:

<cfset myvar = "FirstName" />
<cfset blah = get(myvar) />

or possibly even simpler as:

<cfset myvar = "FirstName" />
<cfset blah = variables[myvar] />

You should definitely be asking yourself why you would call a generic getter function if you built named getter functions. (Maybe you’ve made the methods private?) This is a simple example, but either way evaluate() is most often a sign of a larger coding problem.

May 10 10

php5apache2_2.dll missing from PHP 5.3 zip

by admin

Today I did a reinstall of Apache and PHP.  I used the latest versions of both Apache and PHP.  

I downloaded the VC6 5.3 zip file but came to a problem when trying to install PHP as there was no php5apache2_2.dll file included in the zip download.  I had downloaded the non-thread-safe version of PHP5.3. Apache2.2 only works with the thread-safe version, but the PHP downloads page does not make this clear. The PHP download page says:

Which version do I choose?
If you are using PHP with Apache 1  or Apache2 from apache.org
you need to use the VC6 versions of PHP

So for anyone else having this problem, use the thread-safe version!

(and skip the installer: it’s useless)

Apr 27 10

AnythingToXML in Mura CMS

by admin

Brian Rinaldi over at RemoteSynthesis.com contacted me today and told me something that got me pretty excited.  Evidently Mura CMS uses my AnythingToXML as part of its core requirements. I had to download Mura and see for myself; it does!

From the stats on RIAforge I can see that a few people have downloaded AnythingToXML but I never know if it worked out for them.  It’s great to see something that you built to get you out of a jam taking on a life of its own and helping other people out.

I have yet to work on a project using Mura, but from what I hear it’s a great content management system and is developer friendly.  Hopefully I’ll get a chance to work with it soon.
