[wp-hackers] Making WP more secure the evolutionary way

Otto otto at ottodestruct.com
Mon Jan 26 23:44:43 GMT 2009


On Mon, Jan 26, 2009 at 3:41 PM, Jacob Santos <wordpress at santosj.name> wrote:
> This is *exactly* what I don't want to see WordPress use.

I'm not exactly advocating it for WordPress, I'm just saying how I saw
and used it.

I liked it in that particular implementation, as it made it extremely
easy for me to manipulate data in ways that I needed to manipulate it.
For example, if I needed to get and mess with, say, a list of posts.
After creating the objects to represent a Post and a Posts, it's easy
to manipulate them; then it's rather simple to do something like
this:

$poststable = new Posts();
// first 20 rows, starting at offset 0
$posts = $poststable->fetchAll($poststable->select()->limit(20,0));
foreach ($posts as $post) {
    echo $post->title;
    echo $post->content;
}

Saved me a ton of programming time. A bit of up-front development and
that was that. The joined tables were just as simple. By defining the
dependent tables (say, postmeta in this case) and the relevant
matching columns and relationships between them (say, post_id to
post_id, one to many), then getting data from that new table became
this:

$postmeta = $post->findPostMeta();
foreach ($postmeta as $item) {
    echo $item->key;
    echo $item->value;
}

Very handy. The only downside is that there is a small amount of
overhead at the initial creation of the first object. It has to query
the table to figure out what the column names and types are and such.
But you could pre-calculate that, dump it, and then shove it right
into the code for instant gratification there.

Anyway, not saying it's right for everybody or for every project. But
it has many advantages over raw queries:
1. Development time is drastically reduced, since you don't end up
writing lots of database code over and over again.
2. The framework itself is open source, if there's any bugs, then
update the framework.
3. Platform independence. This one supported a dozen different
database types, not just MySQL.

Lots of valid reasons for it. In terms of sheer processing speed, it
may be slightly slower. Probably is, in fact. But that's a problem
that can be solved with hardware, and hardware is cheap by comparison
to development time.

-Otto
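
An added sketch, not code from this message or from the framework it describes: a minimal table layer over PDO showing the one-time column introspection and the dependent-table lookup mentioned above, with every value bound as a parameter and column names checked against the cached metadata. The Table class, the SQLite schema and the meta_key/meta_value column names are assumptions made for the illustration.

```php
<?php
// Added example; the schema and rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (post_id INTEGER PRIMARY KEY, title TEXT, content TEXT)');
$db->exec('CREATE TABLE postmeta (post_id INTEGER, meta_key TEXT, meta_value TEXT)');
$db->exec("INSERT INTO posts (title, content) VALUES ('Hello', 'First'), ('Again', 'Second')");
$db->exec("INSERT INTO postmeta VALUES (1, 'mood', 'happy'), (1, 'views', '12')");

class Table {                       // hypothetical name, not a framework class
    private static $columns = [];   // metadata cache: table name => column names
    protected $db, $name;
    public function __construct(PDO $db, $name) {
        $this->db = $db; $this->name = $name;   // name is fixed by code, never user input
        if (!isset(self::$columns[$name])) {    // one-time introspection (the start-up cost)
            $info = $db->query("PRAGMA table_info($name)")->fetchAll(PDO::FETCH_ASSOC);
            self::$columns[$name] = array_column($info, 'name');
        }
    }
    // Values are always bound; column names must match the cached metadata.
    public function fetchAll(array $where = [], $limit = 20, $offset = 0) {
        $clauses = [];
        foreach (array_keys($where) as $col) {
            if (!in_array($col, self::$columns[$this->name], true)) {
                throw new InvalidArgumentException("Unknown column: $col");
            }
            $clauses[] = "$col = ?";
        }
        $sql = "SELECT * FROM {$this->name}"
             . ($clauses ? ' WHERE ' . implode(' AND ', $clauses) : '') . ' LIMIT ? OFFSET ?';
        $stmt = $this->db->prepare($sql);
        $params = array_merge(array_values($where), [(int) $limit, (int) $offset]);
        foreach ($params as $i => $v) {
            $stmt->bindValue($i + 1, $v, is_int($v) ? PDO::PARAM_INT : PDO::PARAM_STR);
        }
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_OBJ);
    }
}
class Posts extends Table {
    public function __construct(PDO $db) { parent::__construct($db, 'posts'); }
    public function findPostMeta($post) {       // one-to-many on post_id
        return (new Table($this->db, 'postmeta'))->fetchAll(['post_id' => (int) $post->post_id]);
    }
}
$poststable = new Posts($db);
foreach ($poststable->fetchAll([], 20, 0) as $post) {
    echo $post->title, "\n";
    foreach ($poststable->findPostMeta($post) as $item) echo "  {$item->meta_key}={$item->meta_value}\n";
}
```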

