When do I support preprocessing?
Closed this issue · 5 comments
I occasionally see this class you wrote for PDO operations; it is very easy to use. If we support preprocessing, it will be perfect.
I could not exactly understand what you've mentioned. Could you explain that a bit more?
Well, let me write an example.
A simple PHP PDO preprocessing:

    class Pdox
    {
        protected $pdo = null;
        protected $param = [];  // values to bind to the placeholders
        protected $where = '';  // WHERE clause text, written with placeholders
        protected $table = '';
        // ... code...

        public function fetchAll()
        {
            // Only the values in $param are bound; table and where are SQL text.
            $sql = sprintf("select * from `%s` %s", $this->table, $this->where);
            $sth = $this->pdo->prepare($sql);
            $sth = $this->formatParam($sth, $this->param);
            $sth->execute();
            $errorInfo = $sth->errorInfo();
            if ($errorInfo[0] === '00000') {
                return $sth->fetchAll();
            } else {
                exit($errorInfo[2]);
            }
        }

        public function formatParam(PDOStatement $sth, $params = [])
        {
            foreach ($params as $key => &$value) {
                // Positional placeholders are 1-based; named ones get a leading colon.
                $key = is_int($key) ? $key + 1 : ':' . ltrim($key, ':');
                $sth->bindParam($key, $value);
            }
            unset($value); // drop the reference left behind by the foreach
            return $sth;
        }
    }

Because preprocessing is relatively safe, it is recommended that you support PDO's preprocessing so that the program will be more robust.
Oh, I understand you. I think we could think about this. Currently, we provide relative safety through the quote method in PDO. Also, we can use all PDO methods through the pdo property on PDOx. For example:

    // require vendor
    // create a new object for PDOx called by $db
    $sth = $db->pdo->prepare('...'); // prepare() returns a PDOStatement
    $sth->execute();                 // execute() is a PDOStatement method
    // bla bla

But as I said, I understood you clearly. I will try to work on this.
Thank you for your advice.
okay!
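
The contrast discussed in this thread (string interpolation, `quote()`, and prepared statements), as an added example that is not part of the thread or of PDOx. The `fetchWhere` helper, the `users` table and its rows are constructed for illustration, and the `pdo_sqlite` extension is assumed.

```php
<?php
// Added example, not PDOx code. Constructed data in an in-memory SQLite
// database (assumes the pdo_sqlite extension is loaded).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$insert = $pdo->prepare('INSERT INTO users (name, role) VALUES (?, ?)');
foreach ([['alice', 'admin'], ["O'Brien", 'user']] as $row) {
    $insert->execute($row);
}

// Hypothetical helper: identifiers cannot be bound, so table and column names
// are validated; values travel only through named placeholders.
function fetchWhere(PDO $pdo, string $table, array $conditions): array
{
    if (!in_array($table, ['users'], true)) {
        throw new InvalidArgumentException("Unknown table: $table");
    }
    $clauses = $params = [];
    foreach ($conditions as $column => $value) {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $column)) {
            throw new InvalidArgumentException("Bad column name: $column");
        }
        $clauses[] = "`$column` = :$column";
        $params[":$column"] = $value;
    }
    $sql = "SELECT * FROM `$table`" . ($clauses ? ' WHERE ' . implode(' AND ', $clauses) : '');
    $sth = $pdo->prepare($sql);
    $sth->execute($params);
    return $sth->fetchAll(PDO::FETCH_ASSOC);
}

$input = "O'Brien"; // constructed value containing a quote character

// String interpolation: the quote inside the value ends the SQL literal early,
// so the value changes the statement's structure (here: a syntax error).
try {
    $pdo->query("SELECT * FROM users WHERE name = '$input'");
    $raw = 'ran';
} catch (PDOException $e) {
    $raw = 'statement broken by value';
}
// quote(): correct, but only if applied to every value at every call site.
$quoted = $pdo->query('SELECT * FROM users WHERE name = ' . $pdo->quote($input))
              ->fetchAll(PDO::FETCH_ASSOC);
// Prepared statement: the value is sent as data and never parsed as SQL.
$bound = fetchWhere($pdo, 'users', ['name' => $input]);

printf("raw: %s, quoted rows: %d, bound rows: %d\n", $raw, count($quoted), count($bound));
```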