Re: Beginner Question: Define PHP "framework" for me



In article <dbhg2s$q30$1@xxxxxxxxxxxxxxxx>, adykes@xxxxxxxxx (Al Dykes)
wrote:

> I've just grabbed a PHP book and can deal with the syntax and now I
> need to decide to learn specific packages and features.
>
> Define "framework".
>
> What are the major framework flavors?
>
> Under what conditions can I use two or more frameworks?
>
> Sorry for the beginner's question.
>
> Thanks

A framework is a set of classes that can be used to perform the more
mundane manipulations of the data in your application.

The stuff on http://pear.php.net could be considered a framework of
sorts. There are bunches of classes that provide some utility and
abstraction of different processing.

For example, PEAR DB lets you use the same code to interact with
multiple types of databases. So instead of coding mysql_query() and
pg_query() in your app, you simply instance an object of class DB,
define the database type and connection via the DSN and use the _same_
methods in the class to interact with _whatever_ database it is. In
short, your app user can use any database supported by PEAR DB without
modifying the code (SQL excepted - that is more a database level thing
than a PHP thing.)

I recently wrote some code that lets me take in user input in an
Unsafe(), SafeSQL(), or SafeHTMLSQL() manner, in PHP/PostgreSQL E-Zine
Issue 2 ( http://amduus.com/phpezine/archive/Issue2.pdf ; source code:
http://amduus.com/phpezine/archive/issue2.zip ). It takes into account
sourcing from _POST, _GET, _SERVER, etc.

If I want something from what the user entered, I do:

-----
include_once("ObjSafeIO.php");

$IO = new ObjSafeIO;

// Protect from SQL Injection
$FirstName = $IO->SafeSQL("FirstName");

// or

// Protect from SQL injection / cross-site scripting attacks
$FirstName = $IO->SafeHTMLSQL("FirstName");
-----

The class searches across the _POST, _GET, etc for an entry of FirstName
and then applies the manipulations to it to make it safe for SQL use and
for display on a web based app... or not safe depending on what I want
to use the value for.

Hope this helps explain things.
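
An added example, not part of the original post and not the ObjSafeIO source: a hypothetical class that looks a key up across request arrays as described above, then handles each context where the value is used, with a bound PDO parameter for SQL and htmlspecialchars() for HTML output. The class name, method names, sample input and the in-memory SQLite database (needs the pdo_sqlite extension) are all assumptions.

```php
<?php
// Hypothetical sketch; class and method names are illustrative, not ObjSafeIO's.
final class RequestInput
{
    /** @var array<int, array<string, mixed>> sources searched in order */
    private array $sources;

    public function __construct(array ...$sources)
    {
        $this->sources = $sources;
    }

    // Raw value from the first source that has the key, or null.
    // Array values (FirstName[]=x) are rejected so callers always get a string.
    public function raw(string $key): ?string
    {
        foreach ($this->sources as $source) {
            if (isset($source[$key])) {
                return is_string($source[$key]) ? $source[$key] : null;
            }
        }
        return null;
    }

    // HTML context: encode when the value is written into a page.
    public function html(string $key): string
    {
        return htmlspecialchars($this->raw($key) ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Constructed sample request data standing in for $_POST and $_GET.
$post = ['FirstName' => "Rob'); DROP TABLE people;-- <b>x</b>"];
$get  = [];
$io   = new RequestInput($post, $get);

// SQL context: bind the raw value as a parameter instead of escaping it.
$db = new PDO('sqlite::memory:'); // in-memory database so the sketch runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (first_name TEXT)');
$stmt = $db->prepare('INSERT INTO people (first_name) VALUES (:first_name)');
$stmt->execute([':first_name' => $io->raw('FirstName')]);

// The row holds exactly what was submitted, and the table is intact.
$stored = $db->query('SELECT first_name FROM people')->fetchColumn();
var_dump($stored === $post['FirstName']);
// Quotes and markup come out entity-encoded for display.
echo $io->html('FirstName'), "\n";
```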