At work we have a somewhat handy database class. It was written as commercial code, so I wouldn't feel right using it in free apps. So I wrote my own (improved, I'd say :)) version of it.
Basically, it keeps an associative array representing the database, allowing you to load, save, and create an entry extremely easily.
I wrote the database class, a settings file, and a demo file. The demo file shows how to load, update, and insert entries, as well as how to query a list and count entries in a table and a few other things.
This probably shouldn't be used directly from your normal display code. I'd write a middle-layer that generates queries and plays with objects, basically implementing the business layer, then a fairly simple display layer, or something. But that's just me.
<edit> Also, it should be secure against SQL-Injection and XSS except where I specifically say it isn't. The get() and set() functions definitely won't fall victim to SQL-Injection or XSS, and the only places that will I think are the $where parameters for queries, which is pretty obvious.
Here is the source: http://www.javaop.com/~ron/code/clsDB.tgz
Or, if you just want to look: http://www.javaop.com/~ron/code/clsDB
Any comments or suggestions are welcome. I'm not actively using this code yet, so suggestions now or soon would be most helpful.
(a note about where I posted: this sort of fits in web-dev and in tutorials/examples.... I personally like having it in the 'examples', but if anybody thinks it belongs in webdev, you have my permission to move it)
if (!defined('RON'))
    die('Hacking attempt...');
ROFL.
It's clearly got some roots in SMF :P
Quote from: rabbit on August 28, 2006, 11:59:59 PM
It's clearly got some roots in SMF :P
Just that one line :)
2 lines, technically :P
Anyway, it looks good, though I kind of prefer to use my own SQL classes.
iago, you keep churning out awesome work. I have my own org.iago package in my Java library. And now I may end up using this =P Nice job!
It's probably worth sharing: I tested it out to see if the regex considers a carriage return when checking whether the line ends with one of your set characters. It does consider it, and returns false on the match, so using newlines for SQL injection doesn't work in that area. http://64.9.205.64/~andrew/code/test/
Now that you mention it, I never really looked at how I handle newlines; in fact, I didn't even give an option for a textarea. Maybe I should! :)
By the way, thanks for the compliment, that makes all this work worthwhile :)
I was playing with newlines, and apparently a carriage return (%0a) at the end doesn't break the regex, but a carriage return somewhere other than the very end, or a linefeed (%0d) anywhere, triggers it. I also noticed that I can send a null (%00) to terminate the string early, but I don't think it does anything useful. I don't particularly like that you can send a carriage return at the end of the string, but it's not hurting anything.
And incidentally, I made a couple of minor changes and updated the code at the above link:
- Added a third parameter to "set", allowing the programmer to disable html-replacing (dangerous for user data, but ok for programmer data)
- Added a function, getTextArea(), which was sorely lacking before.
Another small update: added functions getValuePair() and getIDPair(), which return the "fieldname=value" pairs, which you can send in URLs.
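The newline behaviour reported above (a %0a at the very end slips through, anything else is caught) is exactly what PCRE's `$` anchor does: it also matches just before a final newline. The following is an added illustration, not code from clsDB; the regex shape is an assumption about what a "does the value contain a line break" check might look like, and the `D` modifier is the standard fix.

```php
<?php
// Added example (not from clsDB). Demonstrates why a line-end check written
// with '$' tolerates a single trailing "\n" while rejecting CR/LF elsewhere.

// Assumed shape of a naive check: "no CR or LF anywhere from start to end".
// In PCRE, '$' matches at the end of the subject OR just before a newline
// that is the last character, so a value ending in "\n" still matches.
function cleanNaive($value)
{
    return preg_match('/^[^\r\n]*$/', $value) === 1;
}

// Hardened: the D (DOLLAR_ENDONLY) modifier makes '$' match only at the true
// end of the subject. Anchoring with \z instead of $ has the same effect.
function cleanStrict($value)
{
    return preg_match('/^[^\r\n]*$/D', $value) === 1;
}

// Constructed inputs mirroring the URL-encoded probes discussed in the thread.
$cases = array(
    'plain'       => "hello world",
    'trailing LF' => "hello\n",   // %0a at the end
    'inner LF'    => "hel\nlo",   // %0a in the middle
    'trailing CR' => "hello\r",   // %0d at the end
    'NUL byte'    => "hel\0lo",   // %00: not a line break, so neither regex
                                  // rejects it; escape it separately (e.g.
                                  // mysql_real_escape_string handles \0)
);

printf("%-12s %-7s %-7s\n", 'case', 'naive', 'strict');
foreach ($cases as $name => $value) {
    printf("%-12s %-7s %-7s\n", $name,
        cleanNaive($value)  ? 'pass' : 'REJECT',
        cleanStrict($value) ? 'pass' : 'REJECT');
}
```

Only the "trailing LF" row differs between the two columns, which is the case the test page above surfaced; whether a lone trailing newline matters depends on what the value is later used for, but the strict form removes the surprise.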