This repository was archived by the owner on Oct 5, 2022. It is now read-only.

PDO initialization unsafe #118

Open
TGM opened this issue Jun 12, 2013 · 3 comments

TGM commented Jun 12, 2013

Usually I call this in a common file like an index or header

$psl = new phpSec\Core();
$psl['store'] = $psl->share(function($psl) {
    $dsn = 'mysql:' .
           'dbname=test;' .
           'table=phpsec;' .
           'host=localhost;' .
           'username=databaseusername;' .
           'password=databasepassword';
    return new phpSec\Store\Pdo($dsn, $psl);
});

Defining the $dsn in such a major file seems really unsafe and uncomfortable as well.

We need something like

$dsn = 'mysql:' .
       'dbname=test;' .
       'table=phpsec;' .
       'host=localhost;' .
       'username=databaseusername;' .
       'password=databasepassword';
$psl = new phpSec\Core();
$psl['store'] = $psl->share(function($dsn, $psl) {
    return new phpSec\Store\Pdo($dsn, $psl);
});

Any ideas?

Author

TGM commented Jun 13, 2013

I think this is the proper way to do it.

$dsn = 'mysql:' .
       'dbname=test;' .
       'table=phpsec;' .
       'host=localhost;' .
       'username=databaseusername;' .
       'password=databasepassword';

$psl['store'] = $psl->share(function($psl) use($dsn) {
    return new phpSec\Store\Pdo($dsn, $psl);
});

Contributor

xqus commented Jul 28, 2013

This is a documentation issue. The part describing the database connection should be updated.

Author

TGM commented Jan 14, 2014

Regarding the database connection.

We should add

$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
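
Added example, not part of the thread and not phpSec code: it builds the DSN format quoted above from settings held outside the common file, hands it to a closure with `use` as in the second comment, and applies the two PDO attributes from the last comment. The `PHPSEC_DB_*` setting names, the helper names `buildStoreDsn` and `hardenPdo`, the assumption that DSN fields are split on `;`, and the use of in-memory SQLite (requires `pdo_sqlite`) in place of MySQL are all assumptions made for illustration.

```php
<?php
// Added example, not phpSec code. The PHPSEC_DB_* setting names are assumptions.
/** Build the DSN format shown in this thread from settings kept outside the code. */
function buildStoreDsn(array $env): string
{
    $map = ['dbname' => 'PHPSEC_DB_NAME', 'table' => 'PHPSEC_DB_TABLE',
            'host' => 'PHPSEC_DB_HOST', 'username' => 'PHPSEC_DB_USER',
            'password' => 'PHPSEC_DB_PASS'];
    $parts = [];
    foreach ($map as $field => $key) {
        $value = $env[$key] ?? '';
        if ($value === '') {
            throw new RuntimeException("Missing database setting: $key");
        }
        // Assumption: fields are split on ';', so a ';' in a value would add fields.
        if (strpos($value, ';') !== false) {
            throw new InvalidArgumentException("Unsupported ';' in $key");
        }
        $parts[] = "$field=$value";
    }
    return 'mysql:' . implode(';', $parts);
}

/** Apply the two attributes proposed in the thread to a PDO handle. */
function hardenPdo(PDO $db): PDO
{
    // Report SQL errors as exceptions instead of silent false returns.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Ask the driver for native prepared statements (relevant for MySQL).
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $db;
}

// Constructed sample settings; in deployment these would come from getenv().
$env = ['PHPSEC_DB_NAME' => 'test', 'PHPSEC_DB_TABLE' => 'phpsec',
        'PHPSEC_DB_HOST' => 'localhost', 'PHPSEC_DB_USER' => 'appuser',
        'PHPSEC_DB_PASS' => 'constructed-secret'];
$dsn = buildStoreDsn($env);
// Same capture pattern as the thread: the closure receives $dsn through use().
$factory = function () use ($dsn) { return $dsn; };
echo preg_replace('/password=[^;]*/', 'password=***', $factory()), "\n";

// SQLite in memory stands in for MySQL so the error-mode effect is visible offline.
$db = hardenPdo(new PDO('sqlite::memory:'));
try {
    $db->query('SELECT * FROM missing_table');
} catch (PDOException $e) {
    echo "query failure raised PDOException\n";
}
```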
