OWASP / phpsec

OWASP PHP Security Project - THIS PROJECT IS INACTIVE AND MAY CONTAIN SECURITY FLAWS

Database Classes #14

Closed abiusx closed 11 years ago

abiusx commented 11 years ago
  1. Why is a file named model? Filenames should reflect what they hold. If you're having it as a base database adapter, put it in adapter as base. If it is a database manager class, make it manager.php. Model.php is the worst name one can come up with.
  2. Same goes for db.php; I was actually going to find the base class there. dbmanager.php is a perfectly valid filename. manager.php is the same.
  3. db.php uses REQUIRE.
  4. Do not throw raw exceptions.
  5. If you need to use ../ in your include paths, always wrap them in the realpath() PHP function.
  6. We miss PHPDOC in adapters, especially on constructors. How should one know what to send to them?

rash805115 commented 11 years ago

I have one doubt about this library. Abhishek had created a "SQL()" function in this library that we have used all over our code. But what if the user does not want to use our database library and uses only the session library? It won't work because the function "SQL()" won't be defined anywhere.

abiusx commented 11 years ago

They can define their own SQL function and use that instead of what we have.
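
Items 4 and 5 of the first comment, as an added example that is not code from phpsec: a relative include path is passed through realpath(), its false return is handled, and a specific exception type is thrown instead of a raw one. The names `IncludePathException` and `resolveInclude`, the directory layout, and the check that the resolved path stays under an allowed root are assumptions that go beyond what the comment asks for.

```php
<?php
// Added example. Class, function and file names are hypothetical.

// A specific exception type instead of a raw \Exception (item 4).
class IncludePathException extends RuntimeException {}

/**
 * Canonicalise a relative include path and confirm it stays under $allowedRoot.
 *
 * @param string $baseDir     Directory the relative path starts from.
 * @param string $relative    Relative path, may contain "../".
 * @param string $allowedRoot Directory the resolved file must live under.
 * @return string Absolute, canonical path that is safe to pass to require_once.
 */
function resolveInclude(string $baseDir, string $relative, string $allowedRoot): string
{
    $root = realpath($allowedRoot);
    if ($root === false) {
        throw new IncludePathException("Allowed root not found: $allowedRoot");
    }
    // realpath() collapses "../" and symlinks, and returns false for a missing file.
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $relative);
    if ($path === false) {
        throw new IncludePathException("Include target not found: $relative");
    }
    // Trailing separator so that ".../libs-old" does not pass as ".../libs".
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        throw new IncludePathException("Include target is outside $root: $path");
    }
    return $path;
}

// Constructed directory tree in the temp dir, for demonstration only.
$demo = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'phpsec-demo-' . getmypid();
mkdir("$demo/libs/db/adapter", 0700, true);
mkdir("$demo/libs/core", 0700, true);
file_put_contents("$demo/libs/core/base.php", "<?php return 'base loaded';");
file_put_contents("$demo/outside.php", "<?php return 'should not load';");

$from = "$demo/libs/db/adapter";
$value = require_once resolveInclude($from, '../../core/base.php', "$demo/libs");
echo $value, PHP_EOL; // the file under libs/ was resolved and included

try {
    resolveInclude($from, '../../../outside.php', "$demo/libs");
} catch (IncludePathException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```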