
ezsql and tbssql

By: handoko
Date: 2010-05-12
Time: 02:23

ezsql and tbssql

Dear Skrol,

Which one is better, ezsql or tbssql?
How do I convert from using ezsql to tbssql?


Thanks
By: TomH
Date: 2010-05-12
Time: 04:30

Re: ezsql and tbssql

Sorry to be hijacking your Q to skrol - and you should really listen to him on this but...

I use ezSQL for everything (even converting legacy code now)

When skrol came out with tbssql I hoped it would be a replacement because I'd rather have all my eggs in one basket.

tbssql does almost everything except the query caching of ezSQL
I like the ezSQL caching and use it a lot

tbssql has an explicit way to protect against sql injection
ezSQL does have $db->escape() to escape an sql string
I really couldn't assess what the difference would be between the tbssql method and the ezSQL method

If you really needed the injection protection but don't want to rewrite all of your ezSQL into tbssql you might consider Monte Ohrt's SafeSQL class.

my 2cents
TomH

By: handoko
Date: 2010-05-12
Time: 08:02

Re: ezsql and tbssql

Thanks for the explanation. I have another question: why do I sometimes lose many rows in many tables in the MySQL database?
By: Skrol29
Date: 2010-05-12
Time: 11:04

Re: ezsql and tbssql

> why do I sometimes lose many rows in many tables in the MySQL database

Strange behavior, can you give more details?
By: handoko
Date: 2010-05-12
Time: 16:41

Re: ezsql and tbssql

The detail is, for example, I have 40 customer rows in the customer table and 50 products in the product table in my MySQL database, but somehow these rows of data go missing almost every day until the tables are empty.

Why does this happen to my website using TinyButStrong? Is there something wrong with the code or ezsql, or is there an intruder, or is it a server-side issue, or is it due to a crowded query? I don't know.

Can anyone help solve the problem?
By: Skrol29
Date: 2010-05-12
Time: 17:58

Re: ezsql and tbssql

It is probably due to a crowded query.
Neither TBS nor ezSQL does updates by themselves. They only do the SQL you ask them to.
You should have a trace mode in ezSQL (I guess but I don't really know). Try to reproduce the behavior in your local development configuration.

By: Skrol29
Date: 2010-05-12
Time: 18:00

Re: ezsql and tbssql

You may also be a victim of SQL injection by hackers.
You should put a log of SQL statements in your application in order to check that.
By: handoko
Date: 2010-05-12
Time: 23:43

Re: ezsql and tbssql

Thanks skrol,

How do I implement trace mode in ezSQL?

And how do I implement a log of SQL statements?

I guess it is due to an external action, but I don't know who does this, maybe a robot engine.

And could SQL injection protection solve this problem?
By: Skrol29
Date: 2010-05-13
Time: 00:13

Re: ezsql and tbssql

Hi, I don't know ezSQL that well, but a lot of connectivity tools have such a feature. Have a look in the manual.
Otherwise you'll have to change the ezSQL code or your code in order to perform such logs.

You always need to be protected against SQL injection. But the log would say exactly what is wrong with your data updates.

By: handoko
Date: 2010-06-02
Time: 18:11

Re: ezsql and tbssql

Hi skrol,

I have taken a look at the log file provided by my hosting provider.
It is clear who is doing this action, deleting some of my data.

Who is he: he is googlebot.com,
66.249.69.153 - - [01/Jun/2010:21:01:45 +0700] "GET /?page=customer.customerlist&act=del&id=27 HTTP/1.1" 200 6648 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.69.153 - - [01/Jun/2010:23:18:25 +0700] "GET /?page=customer.customerlist&act=del&id=47 HTTP/1.1" 200 6644 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

Hi skrol, my question is: how can I protect these weak URLs? Those URLs should not be accessible by any guest; I have designed them to be accessible only by the administrator.

Thank you for your kind help before.
By: Skrol29
Date: 2010-06-03
Time: 01:10

Re: ezsql and tbssql

Hi Handoko,

You have to secure all of your admin pages. Check at the beginning of each page if the current user has the required profile for the page, otherwise exit("you have not permissions for this page");

This will prevent unwanted actions from Google and any other side effects.
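
The check described in the post above, as an added example that is not code from this thread, TinyButStrong or ezSQL. It goes one step further than the profile check by also refusing deletes over GET and requiring a form token, since the logged requests were plain GET links. The function name and the session keys 'profile' and 'csrf' are assumptions.

```php
<?php
// Added example. Session keys 'profile' and 'csrf' and the function name are
// assumptions; they are not part of TinyButStrong or ezSQL.

// Returns null when the action may run, otherwise [HTTP status, message].
function check_admin_action(array $session, string $method, array $post): ?array
{
    // 1. Authorization first: guests and crawlers carry no admin profile.
    if (($session['profile'] ?? '') !== 'admin') {
        return [403, 'you have not permissions for this page'];
    }
    // 2. Never delete on GET: plain links get followed by crawlers.
    if ($method !== 'POST') {
        return [405, 'this action requires POST'];
    }
    // 3. Per-session form token, compared in constant time.
    $expected = $session['csrf'] ?? '';
    $given = $post['csrf'] ?? '';
    if (!is_string($expected) || $expected === '' || !is_string($given)
        || !hash_equals($expected, $given)) {
        return [403, 'invalid form token'];
    }
    // 4. The id must be digits only before it goes anywhere near SQL.
    if (!is_string($post['id'] ?? null) || !ctype_digit($post['id'])) {
        return [400, 'invalid id'];
    }
    return null;
}

// Constructed requests: [session, method, POST fields].
$admin = ['profile' => 'admin', 'csrf' => bin2hex(random_bytes(16))];
$cases = [
    'guest GET'      => [[], 'GET', []],
    'admin GET'      => [$admin, 'GET', []],
    'admin no token' => [$admin, 'POST', ['id' => '27']],
    'admin ok'       => [$admin, 'POST', ['id' => '27', 'csrf' => $admin['csrf']]],
];
foreach ($cases as $name => [$s, $m, $p]) {
    $r = check_admin_action($s, $m, $p);
    echo str_pad($name, 16), $r === null ? 'allowed' : "$r[0] $r[1]", PHP_EOL;
}
```

On a real page the arguments would be $_SESSION, $_SERVER['REQUEST_METHOD'] and $_POST, and a non-null result should end the request before any query runs.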
By: TomH
Date: 2010-06-06
Time: 04:15

Re: ezsql and tbssql

handoko

I have been using the "phpSecurePages" utility scripts for a while now and find it to be very flexible for protecting pages.

It can easily become a full user access control subsystem for use anywhere in your site.

On one of my customer sites I set it up as a part of my php auto_prepend include file (which does my TBS, ezSQL). Using phpSP via auto_prepend allows you to protect all pages without having to go back and add code to each of the pages individually.

Hope that helps,