
Author Topic: eBookCMS PDO  (Read 257 times)

Rui Mendes

  • Development,Testing, Support
  • Hero Member
  • *****
  • Karma: 195
  • Posts: 1009
  • sNews1.7
    • Comunidade Portuguesa
eBookCMS PDO
« on: December 25, 2012, 01:07:35 PM »

Hello my friends, I hope everyone is fine.

Sorry, I was so busy with my project eBookCMS. I made a new PDO version with several changes and fixed the Rich-Text Editor against XSS attacks.

In the next 2 weeks I will create documentation and a new template for the official website.

Right now I am searching for jobs only in Europe. I will leave Portugal and move to Germany or another country.

I wish a Merry Christmas to everyone.
Need a job in Europe. LinkedIn - Facebook / Group

Keyrocks

  • Doug
  • ULTIMATE member
  • ******
  • Karma: 449
  • Posts: 6019
  • Semantically Challenged
    • snews.ca
Re: eBookCMS PDO
« Reply #1 on: December 25, 2012, 07:19:51 PM »

Merry Christmas to you too, Rui, and good luck with the job search in Europe.  :)
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

nukpana

  • Hero Member
  • *****
  • Karma: 71
  • Posts: 663
Re: eBookCMS PDO
« Reply #2 on: December 25, 2012, 09:05:41 PM »

Merry Christmas to you too, Rui, and good luck with the job search in Europe.  :)
Same to you Doug, Rui, & everyone else!

sibas

  • Sr. Member
  • ****
  • Karma: 23
  • Posts: 451
    • www.simply4all.net
Re: eBookCMS PDO
« Reply #3 on: December 26, 2012, 10:50:03 AM »

Merry Christmas, and hope for a better new year for all!

nukpana

  • Hero Member
  • *****
  • Karma: 71
  • Posts: 663
Re: eBookCMS PDO
« Reply #4 on: December 31, 2012, 06:36:39 AM »

Rui,

Hope things are well with you. I took a quick peek at your latest version, and since I don't have MySQL installed on my MacBook, I figured I'd try to check out your system with SQLite, but I didn't get too far.

1. You are using PDO, but you don't provide alternate SQL for other DBs (or, for SQLite, a preinstalled DB file). You could just use mysqli instead if you are not focusing on other DBs.

2. Character setting: on the SQL side it seems a bit much; almost every column has "CHARACTER SET utf8 COLLATE utf8_bin". Why set the character set multiple times (PDO connection (BAD!), MySQL SQL file, then on every non-int column)?
It's not even supported on SQLite: http://www.alberton.info/dbms_charset_settings_explained.html

3. PDOStatement::execute only passes prepared-statement values as strings, but I see it in your code for integers as well. Is this what you intended?
http://php.net/manual/en/pdostatement.execute.php

4. You have some code that should consistently be in prepared statements, i.e.:
ebookcms.php line 126:
p.seftitle = '$pagename'
s/b
p.seftitle = :pagename

ebookcms.php line 402:
seftitle = '$extraName'
s/b
seftitle = :extraName

(also (wtype = 6 OR wtype = 7 OR wtype = 8) could just be: wtype IN (6,7,8) *untested)

5. (Suggestion) Consistent prepared statements: ? or named? i.e. ebookcms.php starting at line 924:
$query = "INSERT INTO ".PREFIX."comments (page_id, reply_id, user_id, user_ip, name, avatar_email, url, comment, time, approved, key_security, delkey)
VALUES (:page_id, :reply_id, :user_id, :ip_address, :name, :avatar, :website, :text, :date, :approve, :ks, :delkey);";
$array = array(':page_id' => $page_id,':reply_id' => $reply_id,':user_id' => $user_id,':ip_address' => $ip_address,':name' => $name,':avatar' => $avatar,':website' => $website,':text' => $text,':date' => $date,':approve' => $approve,':ks' => $ks,':delkey' => $delkey);
$sql = $conn -> prepare($query);
$sql -> execute($array);

i.e. ebookcms.php starting at line 979:
$sql = "UPDATE ".PREFIX."logs SET fail = ?, fail_date = ? WHERE id = ? AND log_date = ? AND browser_id = ?";
$qx = $conn -> prepare($sql);
$qx -> execute(array($fail, $fail_date, $id, $day, $browser_id));

6. global $conn? Why not follow my lead and just wrap the db in a function:
function db() {
    static $db;
    if ( !$db ) {
        $db = FALSE;
        try {
            // The DSN, user, password and driver options must be in scope here;
            // DB_DSN, DB_USER and DB_PASS are assumed config constants.
            $db = new PDO(DB_DSN, DB_USER, DB_PASS, array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
        } catch ( PDOException $e ) {
            die( $e->getMessage() );
        }
    }
    return $db;
}

// Ex:
db()->query('Select * from table');

7. (Suggestion) All the ".PREFIX."table I see; why not just throw it in a function wrapper:
// Prepends the configured table prefix to a bare table name.
function pfx( $str ) {
    return PREFIX . $str;
}

db()->query('SELECT * FROM '.pfx('table'));
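A worked version of points 3, 4 and 7 above, added here as an example and not code from eBookCMS or from nukpana's post: it runs against an in-memory SQLite database (the engine the post tested with), so PREFIX, pfx(), db(), the ebook_pages table and its rows are all constructed for the example.

```php
<?php
// Added example, not eBookCMS code. Contrasts the interpolated query quoted
// from ebookcms.php line 126 with the prepared form the post asks for, using
// an in-memory SQLite database. PREFIX, pfx() and db() follow the post's sketches.
define('PREFIX', 'ebook_');

function pfx(string $table): string { return PREFIX . $table; }

function db(): PDO {
    static $db = null;
    if ($db === null) {
        $db = new PDO('sqlite::memory:');
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // constructed sample schema and rows (table name assumed)
        $db->exec("CREATE TABLE " . pfx('pages') . " (id INTEGER PRIMARY KEY, seftitle TEXT, wtype INTEGER)");
        $db->exec("INSERT INTO " . pfx('pages') . " VALUES (1,'about',6),(2,'o''neill',7),(3,'faq',9)");
    }
    return $db;
}

// Shape of the original line 126: $pagename is spliced into the SQL text, so a
// quote in the value terminates the string literal and the remainder is parsed
// as SQL. A harmless title with an apostrophe already produces a syntax error,
// which is the same mechanism that makes the line injectable.
function page_unsafe(string $pagename): array {
    $sql = "SELECT p.* FROM " . pfx('pages') . " p WHERE p.seftitle = '$pagename'";
    return db()->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Point 4 of the post: the value travels as a bound parameter, never as SQL text.
function page_safe(string $pagename): array {
    $stmt = db()->prepare("SELECT p.* FROM " . pfx('pages') . " p WHERE p.seftitle = :pagename");
    $stmt->execute([':pagename' => $pagename]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Point 3: execute(array) sends every value as a string; for integer columns
// bind explicitly with PDO::PARAM_INT. Uses the IN(...) form the post suggests.
function pages_by_wtype(array $types): array {
    $marks = implode(',', array_fill(0, count($types), '?'));
    $stmt = db()->prepare("SELECT id FROM " . pfx('pages') . " WHERE wtype IN ($marks) ORDER BY id");
    foreach ($types as $i => $t) {
        $stmt->bindValue($i + 1, (int) $t, PDO::PARAM_INT);   // positional params are 1-based
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

var_dump(page_safe("o'neill"));        // one row, id 2: the apostrophe is just data
var_dump(pages_by_wtype([6, 7, 8]));   // ids 1 and 2
try { page_unsafe("o'neill"); } catch (PDOException $e) { echo "unsafe: ", $e->getMessage(), "\n"; }
```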

Rui Mendes

  • Development,Testing, Support
  • Hero Member
  • *****
  • Karma: 195
  • Posts: 1009
  • sNews1.7
    • Comunidade Portuguesa
Re: eBookCMS PDO
« Reply #5 on: January 04, 2013, 09:07:53 AM »

Hello Jason. Hope everything is all right with you.
After reading a lot about SQLite I installed SQLite on Windows.

To get everything working I made this new version 1.11:
- Added a SQLite v3 database inside the folder sqlite, plus the SQL schema
- Removed the confusing SQL file for other databases
- Took your idea to replace global $conn

On Windows it is working; can you try it on your Mac?

Thanks very much Jason, it's good to have feedback.
Need a job in Europe. LinkedIn - Facebook / Group

nukpana

  • Hero Member
  • *****
  • Karma: 71
  • Posts: 663
Re: eBookCMS PDO
« Reply #6 on: January 06, 2013, 05:26:30 AM »

Quick run-through and everything seems OK. Got an odd 404 error when logging in on Mac using Firefox, but it never happened again, even when tried on Mac Chrome and on Linux using Chromium and Firefox... odd.