I've found some performance and security issues with this class:
1) You are using the PDO library to connect only to MySQL (even though PDO supports DB2, MSSQL, Oracle, etc.), so you really shouldn't use addslashes() and htmlentities(). Keep in mind that the single quote is not the only special character that can break your SQL query. The same is true for htmlentities(). You need to use PDO prepared statements (recommended) or PDO::quote (not recommended by the PHP manual).
2) When copying one database to another, you should try the "INSERT INTO ... SELECT" query (see: http://dev.mysql.com/doc/refman/5.0/en/insert-select.html). It is much... much faster (> 400%) than two separate queries (SELECT and INSERT). Even phpMyAdmin uses this mechanism to copy data.
3) For performance reasons you should try to use prepared statements or bulk inserts (depends on your coding preferences and/or abilities ;)
2. Re: I've found some performance and security issues with this cl
2010-10-29 11:23:33 - In reply to message 1 from Artur Graniszewski
You are using the fetchAll() method. This can lead to fatal errors. Imagine that the table you are trying to fetch has got 200MB of data. Now try to load that into PHP memory (the memory limit is often capped at 16-32MB in php.ini by the sysadmins).
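
The points from messages 1 and 2 combined, as an added example that is not part of the thread or of the class under review: rows are copied with a prepared INSERT instead of addslashes()/htmlentities(), and read one at a time with fetch() instead of fetchAll(). The `copyRows` function, the `notes` table and its rows are constructed for illustration, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example: constructed schema and rows; SQLite in memory stands in for MySQL.
declare(strict_types=1);

function copyRows(PDO $src, PDO $dst, string $table, array $columns, int $batch = 500): int
{
    // Identifiers cannot be bound as parameters, so validate them strictly.
    foreach (array_merge([$table], $columns) as $name) {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            throw new InvalidArgumentException("Unsafe identifier: $name");
        }
    }
    $cols  = implode(', ', $columns);
    $marks = implode(', ', array_fill(0, count($columns), '?'));

    $select = $src->query("SELECT $cols FROM $table");
    $insert = $dst->prepare("INSERT INTO $table ($cols) VALUES ($marks)");

    $copied = 0;
    $dst->beginTransaction();
    // fetch() hands over one row per call; fetchAll() would build the whole table as a PHP array.
    while (($row = $select->fetch(PDO::FETCH_NUM)) !== false) {
        $insert->execute($row);          // values are bound, never spliced into the SQL text
        if (++$copied % $batch === 0) {  // commit in batches to keep transactions bounded
            $dst->commit();
            $dst->beginTransaction();
        }
    }
    $dst->commit();
    return $copied;
}

$src = new PDO('sqlite::memory:');
$dst = new PDO('sqlite::memory:');
foreach ([$src, $dst] as $db) {
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');
}
// Constructed rows containing the characters that ad-hoc escaping tends to mangle.
$seed = $src->prepare('INSERT INTO notes (id, body) VALUES (?, ?)');
foreach ([[1, "O'Brien"], [2, 'back\\slash'], [3, '<b>"quoted"</b>'], [4, null]] as $r) {
    $seed->execute($r);
}

echo copyRows($src, $dst, 'notes', ['id', 'body']), " rows copied\n";
var_dump($dst->query('SELECT body FROM notes ORDER BY id')->fetchAll(PDO::FETCH_COLUMN));
```

With pdo_mysql, also set `PDO::MYSQL_ATTR_USE_BUFFERED_QUERY` to `false` on the source connection, otherwise the driver still buffers the whole result set client-side even when fetch() is used.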
3. Re: I've found some performance and security issues with this cl