[wp-hackers] Making WP more secure the evolutionary way

Jacob Santos wordpress at santosj.name
Mon Jan 26 21:41:29 GMT 2009


This is *exactly* what I don't want to see WordPress use. The 
implementations that I've seen haven't been optimized that well. It is 
the same sort of setup that CodeIgniter uses (whom coincidently calls 
their model Active Record, are they wrong with the pattern name? Most 
likely) and I despise it with a passion. The problem is that it will 
never be as fast as:

$db->query(SQL_HERE);

Most of the code in CodeIgniter makes use of arrays, checks and 
iteration that inherently adds to the implementation and slows the 
process down.

Furthermore, I know SQL and I know how to protect against being raped. 
Why do I need something that holds my hand? In the off-chance that there 
is something I didn't forsee occurring that leads me to being taken 
advantage of against my will? Doubtful, who is to say there wouldn't be 
a bug in this sort of implementation? Most new APIs have bugs and we'll 
be throwing ourselves on an API that would have be seriously tested both 
for functionality and security.

Jacob Santos

Otto wrote:
> I used the Zend Table stuff for a while, and I liked it to a certain
> extent. It looks like this:
>
> $selectstmt = $table->select()->where('whatever = ?',
> $whatever)->order('something ASC');
> $row = $table->fetchRow($selectstmt);
>
> This would get a row as an object (one predefined by a class for that
> row type), or as a generic row if you didn't define it as something
> special. You could also get multiple rows like so:
> $rows = $table->fetchAll($selectstmt);
>
> This gives you a "RowSet", which was just a fancied up array of Rows.
> It's really quite clever, and the classes allow for specifying the
> dependent tables as well, which could then be automatically retrieved
> based on the parent tables (internally it uses joins to do this).
> Clever.
>
> -Otto
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>   



More information about the wp-hackers mailing list