
Before I retrieve data I always have to type:


In the interest of making my code more readable it would be great if I could set a default mode somewhere....


Edit. I was originally hoping I could add PDO::FETCH_OBJ to the setAttribute code I run when I connect to the DB, but that doesn't seem to work...


    $connection = new PDO($connection_string);
    $connection->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
Wednesday, September 7, 2022

PDO does not escape the variables. The variables and the SQL command are transferred independently over the MySQL connection. And the SQL tokenizer (parser) never looks at the values. Values are just copied verbatim into the database storage without the possibility of ever causing any harm. That's why there is no need to marshall the data with prepared statements.

Note that this is mostly a speed advantage. With mysql_real_escape_string() you first marshall your variables in PHP, then send an inefficient SQL command to the server, which then has the costly job of segregating the actual SQL command from the values again. That's why it's often said that the security advantage is only implicit, not the primary reason for using PDO.

If you concat the SQL command and don't actually use prepared statements (not good!), then yes, there still is an escape function for PDO: $pdo->quote($string)

Saturday, November 5, 2022

Well, at second glance your question looks too complex to be answered with just one link

How does php pdo's prepared statements prevent sql injection?

How can prepared statements protect from SQL injection attacks?

What are other pros/cons of using PDO?

Most interesting question.
The greatest PDO disadvantage is that it is peddled and propagated as a silver bullet, another idol to worship,
while without understanding it will do no good at all, like any other tool.
PDO has some key features, like:

  • Database abstraction. It's a myth, as it doesn't alter the SQL syntax itself. And you simply can't use MySQL autoincremented ids with PostgreSQL. Not to mention the fact that switching database drivers is not among a developer's frequent decisions.
  • Placeholder support, implementing native prepared statements or emulating them. A good approach but a very limited one. There is a lack of necessary placeholder types, like an identifier or SET placeholder.
  • A helper method to get all the records into an array without writing a loop. Only one, when you need at least 4 to make your work sensible and less boring.

Does using PDO reduce efficiency?

Again, it is not PDO, but prepared statements that reduce efficiency. It depends on the network latency between the db server and your application, but you may count it negligible for most real-world cases.

Monday, September 5, 2022
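
The points made in the two answers above, put side by side as an added example (not code from either answer): a concatenated query, the same query with `$pdo->quote()`, and a prepared statement, with the default fetch mode set once at connect time. It assumes an in-memory SQLite database, a constructed `users` table and hypothetical function names; because identifiers cannot be bound as placeholders, the sort column is checked against an allow-list.

```php
<?php
// Added example: constructed schema and data; in-memory SQLite keeps it offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Set once at connect time so fetch()/fetchAll() need no mode argument.
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
// With pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to false: that driver
// emulates prepares by default, and only native prepares send SQL and values apart.

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// "Before": the value is spliced into the SQL text, so the parser sees it.
function findConcat(PDO $pdo, string $name): array {
    return $pdo->query("SELECT name, role FROM users WHERE name = '$name'")->fetchAll();
}

// Concatenation with quote(): the value is escaped and wrapped in quotes first.
function findQuoted(PDO $pdo, string $name): array {
    $sql = 'SELECT name, role FROM users WHERE name = ' . $pdo->quote($name);
    return $pdo->query($sql)->fetchAll();
}

// Prepared statement: the SQL is parsed first, the value is bound afterwards.
// Identifiers cannot be bound, so the ORDER BY column comes from an allow-list.
function findPrepared(PDO $pdo, string $name, string $orderBy = 'name'): array {
    $allowed = ['name', 'role'];
    if (!in_array($orderBy, $allowed, true)) {
        throw new InvalidArgumentException('Unsupported sort column');
    }
    $stmt = $pdo->prepare("SELECT name, role FROM users WHERE name = :name ORDER BY $orderBy");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll();
}

$input = "bob' OR '1'='1"; // constructed hostile value

printf("concat:   %d rows\n", count(findConcat($pdo, $input)));
printf("quoted:   %d rows\n", count(findQuoted($pdo, $input)));
printf("prepared: %d rows\n", count(findPrepared($pdo, $input)));
foreach (findPrepared($pdo, 'bob') as $row) {
    echo $row->name, ' / ', $row->role, "\n"; // objects, via the default fetch mode
}
```

The concatenated query matches every row because the input changes the WHERE clause; the quoted and prepared versions treat the same input as a literal name and match nothing.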

It looks like your source XML is using xsi:type and xsi:nil, but not prefixing them with a namespace.

What you could do is process these with XSLT to turn this:

    <assignee-id type="integer">123456</assignee-id>
    <assignee-id type="integer" nil="true"></assignee-id>

into this:

    <assignees xmlns:xsi="" xmlns:xsd="">
        <assignee-id xsi:type="integer">123456</assignee-id>
        <assignee-id xsi:type="integer" xsi:nil="true" />

This would then be handled correctly by the XmlSerializer without needing any custom code. The XSLT for this is rather trivial, and a fun exercise. Start with one of the many "copy" XSLT samples and simply add a template for the "type" and "nil" attributes to output a namespaced attribute.

If you prefer you could load your XML document into memory and change the attributes but this is not a good idea as the XSLT engine is tuned for performance and can process quite large files without loading them entirely into memory.

Saturday, September 17, 2022
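
One way to write the stylesheet the answer above describes, as an added example that is not the answerer's code: an identity ("copy") template plus one template that re-emits `type` and `nil` in the `xsi` namespace. It is driven from PHP's `XSLTProcessor` here, which is an assumption, as are the function name, the constructed input and the use of the standard W3C XMLSchema-instance URI where the page leaves the namespace blank.

```php
<?php
// Added example: needs PHP's dom and xsl extensions. The xsi URI is the standard
// W3C XMLSchema-instance namespace (assumed; the page leaves the URI blank).
$xslt = <<<'XSL'
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <xsl:output method="xml" indent="yes"/>
  <!-- Identity ("copy") template: everything passes through unchanged. -->
  <xsl:template match="@*|node()">
    <xsl:copy><xsl:apply-templates select="@*|node()"/></xsl:copy>
  </xsl:template>
  <!-- Un-namespaced type/nil attributes are re-emitted in the xsi namespace. -->
  <xsl:template match="@type|@nil">
    <xsl:attribute name="xsi:{local-name()}"><xsl:value-of select="."/></xsl:attribute>
  </xsl:template>
</xsl:stylesheet>
XSL;

// Constructed input, modelled on the fragment shown in the answer.
$source = <<<'XML'
<assignees>
  <assignee-id type="integer">123456</assignee-id>
  <assignee-id type="integer" nil="true"></assignee-id>
</assignees>
XML;

// Hypothetical helper: applies the stylesheet and returns the transformed document.
function addXsiPrefix(string $xml, string $xslt): DOMDocument {
    $in = new DOMDocument();
    $in->loadXML($xml, LIBXML_NONET);      // no network access while parsing
    $style = new DOMDocument();
    $style->loadXML($xslt, LIBXML_NONET);
    $proc = new XSLTProcessor();
    $proc->importStylesheet($style);
    $out = $proc->transformToDoc($in);
    if ($out === false) {
        throw new RuntimeException('XSLT transformation failed');
    }
    return $out;
}

echo addXsiPrefix($source, $xslt)->saveXML();
```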

Making the browser itself pretend there's a "desktop" camera would be technically possible, but since it would only work with that single browser, it doesn't look like anyone has done this yet. (At least I couldn't find any work for Chrome or Firefox – even though they have 'screen sharing' as a WebRTC feature, nobody seems to have linked it to webcam API yet.)

However, there are products which install a custom device driver that creates a virtual "webcam" device, which is then usable by any program. Your web browser will think you have two webcams; you still need to approve camera requests, and it's still up to you to choose the "preferred" camera.

I googled "virtual camera device" and found several products which can stream the desktop, for example Webcamoid (appears to be multi-platform and open-source), VCam (commercial), OBS VirtualCam (a plugin for OBS).

(For Linux there are two 'generic' drivers, akvcam or the older v4l2loopback, but they still need a program that would provide the actual video data. For Windows and macOS each product most likely uses its own custom drivers.)

Sunday, November 27, 2022