Need for Database Abstraction?

4 posts by 2 authors in: Forums > CMS Builder
Last Post: July 26, 2010

By MisterJim - July 23, 2010

I'm bidding on a project and part of the RFP calls for the developer to do the following:

"In code, replace direct interaction with database with an intermediate layer (PearDB, ADODB or developer-chosen layer) and implement prepared statements to eliminate risk of SQL injection."

I am trying to sell them on letting me use CMS Builder. I still haven't found anything that compares in terms of flexibility. So much of what CMS Builder does automatically will resolve a number of issues they're having with their original site.

But I don't know how to respond to the requirement to use database abstraction as it pertains to CMS Builder. Any pearls of wisdom you might shoot my way?

Thanks.

Jim
WebCamp One, LLC



Websites That Work

Re: [Mr Jim] Need for Database Abstraction?

By Jason - July 26, 2010

Hi Jim,

CMS Builder would be an intermediate layer between the user and the database as the software handles all of the SQL statements. It allows users to manipulate the database without having direct access to it.

CMS Builder also has built-in code that eliminates the risk of SQL injection attacks.

Hope this helps. Let me know if you have any other questions.
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Re: [Mr Jim] Need for Database Abstraction?

By Jason - July 26, 2010

Hi Jim,

You can also get rid of SQL injection when writing inline SQL by using the mysql_escape() function.

Example:

<?php
// Escape the value before placing it inside the single-quoted SQL string literal.
$query = "UPDATE `{$TABLE_PREFIX}news` SET title='".mysql_escape($record['title'])."'";
mysql_query($query);
?>


Hope this helps.
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/
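
The RFP requirement quoted in the first post (an intermediate layer plus prepared statements), sketched as an added example that is not part of the thread and is not CMS Builder's code. It assumes PDO with the pdo_sqlite driver so it runs offline; the `NewsStore` class, the `cms_news` table and its columns are hypothetical.

```php
<?php
// Added example. Assumptions: PDO with the pdo_sqlite driver is available;
// NewsStore, cms_news and its columns are hypothetical, not CMS Builder's own.
declare(strict_types=1);

final class NewsStore
{
    private PDO $db;

    public function __construct(PDO $db)
    {
        // Fail loudly on SQL errors instead of returning false.
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $this->db = $db;
    }

    // Returns the number of rows changed.
    public function updateTitle(int $num, string $title): int
    {
        // The SQL text is constant; values are bound separately as data.
        $stmt = $this->db->prepare('UPDATE cms_news SET title = :title WHERE num = :num');
        $stmt->bindValue(':title', $title, PDO::PARAM_STR);
        $stmt->bindValue(':num', $num, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->rowCount();
    }

    public function titles(): array
    {
        return $this->db
            ->query('SELECT num, title FROM cms_news ORDER BY num')
            ->fetchAll(PDO::FETCH_KEY_PAIR);
    }
}

// Constructed sample data in an in-memory database.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE cms_news (num INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO cms_news VALUES (1, 'First'), (2, 'Second')");
$store = new NewsStore($pdo);

// Constructed input with quote characters; it must be stored verbatim.
$input = "O'Brien's \"launch\"; -- notes";
$changed = $store->updateTitle(1, $input);
$titles = $store->titles();
if ($changed !== 1 || $titles[1] !== $input || $titles[2] !== 'Second') {
    throw new RuntimeException('bound parameter was not treated as data');
}
echo "rows changed: $changed\n";
```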