On Fri, 12 Jan 2007 11:40:32 -0500
Robert Cummings <[EMAIL PROTECTED]> wrote:
> On Fri, 2007-01-12 at 15:57 +0000, Tim Starling wrote:
> >
> > Limits, table names, and several other query parts are protected by
> > MediaWiki's query builder. A complex select query might look like this:
> >
> > $result = $db->select(
> > # Tables
> > array( 'user', 'revision' ),
> > # Fields
> > array( 'user_name', 'rev_timestamp' ),
> > # Conditions (WHERE)
> > array(
> > 'user_id=rev_user',
> > 'rev_page' => $page_id
> > ),
> > # Query tag, goes into a comment in the SQL
> > __METHOD__,
> > # Options
> > array(
> > 'LIMIT' => 10,
> > 'ORDER BY' => 'rev_timestamp DESC',
> > )
> > );
> >
> > It even has some degree of DBMS-independence, thanks to creative
> > interpretation of the options parameter. This is what I would like to see
> > in the PHP core.
>
> Wow, that's hideous!
Agreed. That's pretty awful. What's wrong with the way Java does things?
db->query("select user_name, rev_timestamp from user, revision " .
"where user_id=rev_user, rev_page=? " .
"limit 10 query by rev_timestamp desc", $page_id);
This is much easier on the eyes since it only parameterizes the parameter.
Does JDBC have some intelligence about fields that makes this difficult
to implement?
This would be very simple to implement if the query method just called
mysql_real_escape string or whatever escape function the db required
(e.g. pgsql's string escape fn).
Mike
--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
