[wp-hackers] Making WP more secure the evolutionary way
Jacob Santos
wordpress at santosj.name
Mon Jan 26 21:41:29 GMT 2009

This is *exactly* what I don't want to see WordPress use. The
implementations that I've seen haven't been optimized that well. It is
the same sort of setup that CodeIgniter uses (who coincidentally call
their model Active Record, are they wrong with the pattern name? Most
likely) and I despise it with a passion. The problem is that it will
never be as fast as:

$db->query(SQL_HERE);

Most of the code in CodeIgniter makes use of arrays, checks and
iteration that inherently add to the implementation and slow the
process down.

Furthermore, I know SQL and I know how to protect against being raped.
Why do I need something that holds my hand? In the off-chance that there
is something I didn't foresee occurring that leads me to being taken
advantage of against my will? Doubtful, who is to say there wouldn't be
a bug in this sort of implementation? Most new APIs have bugs and we'll
be throwing ourselves on an API that would have to be seriously tested both
for functionality and security.

Jacob Santos

Otto wrote:
> I used the Zend Table stuff for a while, and I liked it to a certain
> extent. It looks like this:
>
> $selectstmt = $table->select()->where('whatever = ?',
> $whatever)->order('something ASC');
> $row = $table->fetchRow($selectstmt);
>
> This would get a row as an object (one predefined by a class for that
> row type), or as a generic row if you didn't define it as something
> special. You could also get multiple rows like so:
> $rows = $table->fetchAll($selectstmt);
>
> This gives you a "RowSet", which was just a fancied up array of Rows.
> It's really quite clever, and the classes allow for specifying the
> dependent tables as well, which could then be automatically retrieved
> based on the parent tables (internally it uses joins to do this).
> Clever.
>
> -Otto
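
The two query styles debated in this thread, side by side, as an added example that is not code from either poster, from Zend Framework or from WordPress. It runs the hand-assembled `$db->query()` form and a `where('col = ?', $value)` form against the same constructed input: the hand-built statement matches every row, the bound one matches none. Assumptions: `TinySelect` is a hypothetical class that mimics only the call shape Otto shows, it binds values through PDO prepared statements (a stand-in, not a description of Zend's internals), and the `posts` table and its rows are constructed; PHP 8 with pdo_sqlite is required.

```php
<?php
// Added example. TinySelect is hypothetical; table and rows are constructed.
$db = new PDO('sqlite::memory:');   // PHP 8 throws PDOException on errors by default
$db->exec("CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, title TEXT)");
$db->exec("INSERT INTO posts (author, title) VALUES ('otto', 'Zend tables'), ('jacob', 'Raw SQL')");

// Constructed input: a value that happens to contain SQL syntax.
$author = "nobody' OR '1'='1";

// Form 1: SQL text assembled by hand. The value becomes part of the statement.
$raw = $db->query("SELECT title FROM posts WHERE author = '$author' ORDER BY id ASC")
          ->fetchAll(PDO::FETCH_COLUMN);

// Form 2: a fluent builder that keeps SQL text and values apart.
final class TinySelect
{
    private array $where = [];
    private array $params = [];
    private string $order = '';
    // $table is developer-supplied text, never request data.
    public function __construct(private PDO $db, private string $table) {}

    public function where(string $cond, mixed $value): static
    {
        $this->where[] = "($cond)";   // condition text is written by the developer
        $this->params[] = $value;     // the value travels separately, as a bound parameter
        return $this;
    }

    public function order(string $spec): static
    {
        // Column and direction cannot be bound, so accept only a strict shape.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]* (ASC|DESC)$/', $spec)) {
            throw new InvalidArgumentException("bad ORDER BY: $spec");
        }
        $this->order = " ORDER BY $spec";
        return $this;
    }

    public function fetchAll(): array
    {
        $sql = "SELECT * FROM {$this->table}";
        if ($this->where) { $sql .= ' WHERE ' . implode(' AND ', $this->where); }
        $stmt = $this->db->prepare($sql . $this->order);
        $stmt->execute($this->params);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}
$bound = (new TinySelect($db, 'posts'))->where('author = ?', $author)->order('id ASC')->fetchAll();
printf("hand-built SQL: %d rows, builder with bound value: %d rows\n", count($raw), count($bound));
```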