MantisBT

ID: 0005161
Project: ATutor
Category: - no cat -
View Status: public
Date Submitted: 2013-01-23 11:20
Last Update: 2013-12-28 12:49
Reporter: anovak
Assigned To: greg
Priority: normal
Severity: feature
Reproducibility: N/A
Status: closed
Resolution: fixed
Platform, OS, OS Version: (blank)
Product Version: 2.1.1
Target Version: 2.1.1
Fixed in Version: 2.2
Summary: 0005161: Using mysqli database extension
Description: MySQLi allows the use of extra functionality such as prepare(), which will allow checking the syntax of the SQL query before its execution, as well as proper conversion of the variables passed into the query using the MySQL engine. This conversion will make it possible to eliminate SQL injections and custom-built data normalizing functions in the project.

Also, with the use of prepare() it will be possible to create one generic SQL query function to query the database by passing an SQL string and an array of variables. This way SQL querying could be normalized to only one function call everywhere in the project instead of using different query styles. Using one function everywhere will also minimize the chances of SQL injections.
Tags: No tags attached.
Affects version: SVN
SVN Revision#: a52c8a1..5c3eb12 master -> master

-  Notes
(0005965)
greg (administrator)
2013-02-06 09:04

Hi,

I have experienced a problem that could be quite hard to debug. Be
careful if you are going to upgrade mysql to mysqli, one thing to note
is the use of "mysql_fetch_row" vs "mysqli_fetch_row".

mysql: "returns ...or FALSE if there are no more rows. "
mysqli: "returns ...or NULL if there are no more rows. "

This can take up to infinite hours to trace. It will only tell you it
has exhausted memory if you are checking the returned value as === false.


refs:
http://php.net/manual/en/mysqli-result.fetch-row.php
http://php.net/manual/en/function.mysql-fetch-row.php


cheers,
harris
(0005968)
anovak (developer)
2013-02-06 09:34

At the moment it is hard to tell whether we currently have any issues, but it might be something useful once we do the upgrade.
(0006573)
greg (administrator)
2013-12-22 10:52

Enabled mysqli db access functions (install still needs testing)
(0006596)
greg (administrator)
2013-12-28 12:49

closed for ATutor 2.2
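
The generic query function proposed in the description, combined with the fetch_row() end-of-results difference from note 0005965, as an added PHP example. It is not ATutor's code and not part of the original issue thread; `db_query()` and the connection values are hypothetical.

```php
<?php
// Added example: db_query() and the connection values are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw mysqli_sql_exception

/**
 * Run one parameterized statement and return its rows.
 * $sql carries ? placeholders; $params are sent as bound values, never spliced into the SQL text.
 */
function db_query(mysqli $db, string $sql, array $params = []): array
{
    $stmt = $db->prepare($sql);     // the server parses the statement here, before any data is attached
    $params = array_values($params); // positional binding only
    if ($params) {
        $types = '';
        foreach ($params as $p) {   // i = integer, d = double, s = string (also used for NULL)
            $types .= is_int($p) ? 'i' : (is_float($p) ? 'd' : 's');
        }
        $stmt->bind_param($types, ...$params);
    }
    $stmt->execute();

    $rows = [];
    $result = $stmt->get_result();  // needs the mysqlnd driver; false for statements without a result set
    if ($result instanceof mysqli_result) {
        // mysqli fetch_row() returns NULL after the last row (mysql_fetch_row() returned FALSE).
        // A ported loop testing `!== false` never ends and, when it collects rows,
        // exhausts memory; a plain truthiness test ends on either value.
        while ($row = $result->fetch_row()) {
            $rows[] = $row;
        }
        $result->free();
    }
    $stmt->close();
    return $rows;
}

// Constructed input: a value containing a quote character, as a form field might deliver it.
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholder credentials
$rows = db_query($db, 'SELECT ? AS echoed, ? AS n', ["O'Brien", 42]);
var_dump($rows); // the quote character travels as data, not as SQL syntax
```

Placeholders bind values only. Table and column names cannot be parameterized, so any identifier that varies at run time still has to come from a fixed allow-list in the calling code.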

- Issue History
Date Modified Username Field Change
2013-01-23 11:20 anovak New Issue
2013-02-06 09:04 greg Note Added: 0005965
2013-02-06 09:24 anovak Note Added: 0005966
2013-02-06 09:32 anovak Note Deleted: 0005966
2013-02-06 09:34 anovak Note Added: 0005968
2013-03-07 10:30 greg Relationship added related to 0003699
2013-12-22 10:51 greg Relationship deleted related to 0003699
2013-12-22 10:52 greg SVN Revision# => a52c8a1..5c3eb12 master -> master
2013-12-22 10:52 greg Note Added: 0006573
2013-12-22 10:52 greg Status new => resolved
2013-12-22 10:52 greg Fixed in Version => 2.2
2013-12-22 10:52 greg Resolution open => fixed
2013-12-22 10:52 greg Assigned To => greg
2013-12-28 12:49 greg Note Added: 0006596
2013-12-28 12:49 greg Status resolved => closed

