
I've found some performance and security issues with this cla...

Subject:I've found some performance and security issues with this cla...
Summary:Package rating comment
Messages:3
Author:Artur Graniszewski
Date:2010-10-29 11:16:50
Update:2010-11-10 12:31:09
 

Artur Graniszewski rated this package as follows:

Utility: Sufficient
Consistency: Good
Examples: Sufficient

  1. I've found some performance and security issues with this cla...
Artur Graniszewski
2010-10-29 11:16:50
I've found some performance and security issues with this class:

1) You are using the PDO library to connect only with MySQL (even though PDO supports DB2, MSSQL, Oracle, etc.), so you really shouldn't use addslashes() and htmlentities(). Keep in mind that the single quote is not the only special character that can break your SQL query. The same is true for htmlentities(). You need to use PDO prepared statements (recommended) or PDO::quote (not recommended by the PHP manual).

2) When copying one database to another, you should try the "INSERT INTO ... SELECT" query (see: http://dev.mysql.com/doc/refman/5.0/en/insert-select.html). It is much... much faster (> 400%) than two separate queries (SELECT and INSERT). Even phpMyAdmin uses this mechanism to copy data.

3) For performance reasons you should try to use prepared statements or bulk inserts (depends on your coding preferences and/or abilities ;)

  2. Re: I've found some performance and security issues with this cl
Artur Graniszewski
2010-10-29 11:23:33 - In reply to message 1 from Artur Graniszewski
BTW,

You are using the fetchAll() method. This can lead to fatal errors. Imagine that the table you are trying to fetch has got 200MB of data. Now try to load that into PHP memory (the memory limit is often capped at 16-32MB in php.ini by the sysadmins).
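
The points raised in messages 1 and 2, as an added example that is not part of the original posts or of the DB Backup Class: rows are copied between two PDO connections with a prepared INSERT (no addslashes()) and read one at a time with fetch() instead of fetchAll(). The function names, the `notes` table and the use of in-memory SQLite in place of the two MySQL servers are assumptions made so the script runs offline.

```php
<?php
// sqlite::memory: stands in for the source and destination MySQL servers.
// quoteIdent() and copyTable() are hypothetical helpers written for this example.

function quoteIdent(string $name): string
{
    // Identifiers cannot be bound as parameters, so allow-list their shape.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
        throw new InvalidArgumentException("bad identifier: $name");
    }
    return '"' . $name . '"';   // ANSI quoting; MySQL would use backticks
}

function copyTable(PDO $src, PDO $dst, string $table, array $columns): int
{
    $cols  = implode(', ', array_map('quoteIdent', $columns));
    $marks = implode(', ', array_fill(0, count($columns), '?'));
    $tbl   = quoteIdent($table);

    // With pdo_mysql, also set PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => false on
    // $src, otherwise the driver still buffers the whole result set client-side.
    $select = $src->query("SELECT $cols FROM $tbl");
    $insert = $dst->prepare("INSERT INTO $tbl ($cols) VALUES ($marks)");

    $dst->beginTransaction();
    $copied = 0;
    // fetch() keeps one row in PHP memory at a time, unlike fetchAll().
    while (($row = $select->fetch(PDO::FETCH_NUM)) !== false) {
        $insert->execute($row);   // values travel as bound parameters
        $copied++;
    }
    $dst->commit();
    return $copied;
}

$opts = [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION];
$src  = new PDO('sqlite::memory:', null, null, $opts);
$dst  = new PDO('sqlite::memory:', null, null, $opts);
foreach ([$src, $dst] as $db) {
    $db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');
}
// Constructed sample rows with characters that hand-rolled escaping gets wrong.
$seed = $src->prepare('INSERT INTO notes (id, body) VALUES (?, ?)');
foreach ([[1, "O'Reilly"], [2, 'back\\slash'], [3, "it's; -- not a comment"]] as $r) {
    $seed->execute($r);
}

echo copyTable($src, $dst, 'notes', ['id', 'body']), " rows copied\n";
echo $dst->query('SELECT body FROM notes WHERE id = 3')->fetchColumn(), "\n";
```

When both databases live on the same MySQL server, the "INSERT INTO ... SELECT" query from point 2 avoids moving the rows through PHP at all.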

  3. Re: I've found some performance and security issues with this cl
Raul
2010-11-10 12:31:09 - In reply to message 2 from Artur Graniszewski
Thank you man...

I'll upgrade this class using those things...

I know this class can overflow the memory limit. But it is the 1.0 version...

I'll rewrite some functions....


Many thanks

Living and Learning... =)