| Subject: | I like this class concept as it... |
|---|
| Summary: | Package rating comment |
|---|
| Messages: | 2 |
|---|
| Author: | Alex Saavedra |
|---|
| Date: | 2008-09-05 14:10:57 |
|---|
| Update: | 2008-09-06 08:41:45 |
|---|
| |
|
|
Alex Saavedra rated this package as follows:
| Utility: | Good |
|---|
| Consistency: | Insufficient |
|---|
| Examples: | Sufficient |
|---|
|
|
 Alex Saavedra - 2008-09-05 14:10:57 I like this class concept as it offers great flexibility over which tables from your master DB you want to replicate in separate slave DBs. So I tried this class just out of the box, modifying a couple of lines in the provided "exemple.php" corresponding to DB credentials, and used sample data from some production database. To my surprise the INSERT statements failed as soon as single quotes were found in some VARCHAR fields.
I suggest you add some escaping functions prior to sending INSERTs in order for this class to work in the real world. You may use addslashes() or even better, mysql_real_escape_string(), yet even better, rely on some proved database abstraction layer (there are lots out there).
A. Saavedra
Cristian Vrinceanu - 2008-09-06 08:41:45 - In reply to message 1 from Alex SaavedraThank you for your feedback.
I updated the class source file so that it escapes special characters of sql parameters.
Your input is always welcome.
Cristian Vrinceanu
|
