[Owncloud] Committing Oracle support tomorrow, beware of SQL without escaped identifiers

Thomas Müller thomas.mueller at tmit.eu
Tue Aug 28 08:53:42 UTC 2012


On Monday, 27.08.2012 at 21:57, Bernhard Posselt wrote:
> > Instead of using the MDB2 'clob' type use 'text' and set a length.
> > CLOB is incompatible with indexes on some databases or MDB2 does not
> > handle it correctly. Without a length MDB2 will pick an internal length
> > which it thinks is right but breaks current MySQL, e.g. And it will force
> > you to think on sensible text lengths which in general is "a good thing".
> > I think that's it.
> 
> Sorry, but I think this is the wrong way of doing it. Sometimes there's
> no alternative for Text. For instance in the news app this completely
> broke the articles because it cut off the closing HTML tags. And how
> long can an article be? Should we set a length of 10 million characters?
> And if something is longer than that, it will still break and produce
> weird bugs.
> 
> IMHO we should get a sensible ORM which doesn't force us to write SQL by
> hand. Also people shouldn't be exposed to the danger of accidentally
> overlooking an SQL injection bug. Why are you using an abstraction layer
> anyway that forces you to write SQL? IMHO the Oracle transition shows
> the problem of MDB2 pretty well.
> 

said many times before:
+1 for ORM

> As for the ORM choice, I only know of the Django and the Rails one, so
> what about http://www.phpactiverecord.org/ ? Didn't try it out by myself
> yet though.
>

hehe - being a Rails developer I like the active record approach.
But from the first look phpactiverecord seems to be not that actively developed.

Any other active record libraries out there?

I had a quick look at Doctrine and it looks promising:
- broad support on DBs (SQLite, MySQL, Postgres, DB2, MS-SQL, Oracle)
- query builder to write queries independent from the DBMS
- or we can use a Doctrine-specific query language which does the same
- it uses annotations to map classes/properties on tables/columns

An alternative would be to use Propel (http://www.propelorm.org/)
It uses a different approach where the database schema is maintained in an XML file
and a code generator is used to create the classes.
This is also an interesting idea as the generated classes are more specific - just look at the query example:
$books = BookQuery::create()
  ->filterByPublishedAt(array('min' => time() - 30 * 24 * 60 * 60))
  ->orderByTitle()
  ->find();

Any other ideas out there?

THX,

Tom aka DeepDiver

 