  1. #1
    Strokin' Morango dele454's Avatar
    Join Date
    Oct 2005
    Location
    Cape town, South Africa
    Posts
    294

    Zend_Db_Select or Zend_Db_Adapter

    Hi

    I just need to know which of these two components will be advisable for abstracting your database queries? PHP way or using a database adapter class like PDO_Mysql for query submissions?

    Some of the benefits of Zend_Db_Select include:

    1. Automatic quoting of meta-data (table and field names)
    2. Object oriented interface can provide for easier maintenance
    3. Helps to promote database independent queries
    4. Quoting of values to help reduce SQL injection vulnerabilities


    Out of all these, the most important to me, and the ones that meet the requirements of my application, are 1 and 4.

    Since I don't intend migrating my database to another provider (Oracle/SQL Server), I would really like to use the Zend_Db_Adapter just for the fact that it accepts strings containing SQL statements. It just looks more practical for me. Zend_Db_Select, though it looks a bit more readable, requires more lines of typing.

    A drawback for me with Zend_Db_Select is that it has NO support for LEFT, RIGHT JOINs, etc. It only supports regular JOINs!!

    I also know that with the Adapter I need to quote() all the time for SQL injection prevention, which makes me like Db_Select since it does this automatically. I feel I am divided between both worlds.

    Is there any performance gain using the Zend_Db_Select as opposed to an Adapter?

  2. #2
    SitePoint Addict
    Join Date
    Feb 2007
    Posts
    251
    Any particular reason you don't want to use regular old PDO with prepared statements? Prepared statements will help with the SQL injection worries and you can JOIN any which way.

    I'd avoid abstracting this already-abstracted database access layer (i.e., PDO) if at all possible. Keep it to the absolute minimum. Just enough to meet the application requirements.
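
The approach suggested in the reply above, as an added example that is not part of the original post: plain PDO with a bound parameter in a hand-written LEFT JOIN, beside the same query built with quote(). It assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of MySQL so it runs offline; the tables, data and function names are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the thread's MySQL setup.
// Schema, rows and function names are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, item TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");
$db->exec("INSERT INTO orders (user_id, item) VALUES (1, 'book')");

// Hand-written SQL with a LEFT JOIN; the value is bound, never concatenated.
function ordersByName(PDO $db, string $name): array
{
    $stmt = $db->prepare(
        'SELECT u.name, o.item
           FROM users u
           LEFT JOIN orders o ON o.user_id = u.id
          WHERE u.name = :name'
    );
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Same query built by concatenation with quote(): correct only as long as
// every value is quoted on every code path.
function ordersByNameQuoted(PDO $db, string $name): array
{
    $sql = 'SELECT u.name, o.item FROM users u
            LEFT JOIN orders o ON o.user_id = u.id
            WHERE u.name = ' . $db->quote($name);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a user with an order, a user with none (LEFT JOIN
// still returns the user row), and a value containing quote characters.
$inputs = ['alice', 'bob', "o'brien' OR '1'='1"];
foreach ($inputs as $name) {
    $bound  = ordersByName($db, $name);
    $quoted = ordersByNameQuoted($db, $name);
    if ($bound !== $quoted) {
        throw new RuntimeException('bound and quoted results differ');
    }
    printf("%-22s -> %d row(s)\n", $name, count($bound));
    foreach ($bound as $row) {
        printf("    %s: %s\n", $row['name'], $row['item'] ?? '(no orders)');
    }
}
```

The third input is treated as a literal name by both functions and matches no row; the difference in practice is that the bound version has no call that can be forgotten.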

  3. #3
    PHP/Rails Developer Czaries's Avatar
    Join Date
    May 2004
    Location
    Central USA
    Posts
    806
    Can you not execute on prepared statements with the Adapter class? If you use prepared statements, you will never have to quote your data.

  4. #4
    Strokin' Morango dele454's Avatar
    Join Date
    Oct 2005
    Location
    Cape town, South Africa
    Posts
    294
    Thanks for the feedback guys

  5. #5
    SitePoint Addict
    Join Date
    Feb 2007
    Posts
    251
    You bet. And if you choose to use PDO with prepared statements, you should be aware of the following issue --

    http://netevil.org/blog/2006/apr/using-pdo-mysql

  6. #6
    PHP/Rails Developer Czaries's Avatar
    Join Date
    May 2004
    Location
    Central USA
    Posts
    806
    Yes, I always use emulated prepare statements anyways, as it's generally a good measure faster than native ones. Especially when you consider that most of the queries that are performed are SELECT statements that are only executed once. Native prepared statements would result in 2 round trips to the database instead of the one it usually takes. There can be a nice performance gain for INSERT, UPDATE, and DELETE statements in a loop though.

  7. #7
    SitePoint Member
    Join Date
    Feb 2007
    Location
    Poland
    Posts
    2
    My advice is.... ezcDatabase - it has excellent query abstraction over all DML statements, not only SELECT.

