If you've used MyBB and created custom scripts for it you might have noticed that MyBB has it's own database methods.
Here are a couple of examples:
$db->query
$db->fetch_array
$db->num_rows
My question is, what's the point? Why not just use the standard techniques for grabbing information from the database? Also, is there a way we could use these database methods for our own projects? If so, does anyone know what file MyBB makes this happen at?
The database classes are used to abstract different database engines - MyBB supports MySQL, Postgresql and SQLite, and the database methods make sure we can support the slightly different syntax for all of these with minimum changes required to code.
The classes are found in the files inc/db_*.php - inc/db_mysql.php for the MySQL version, inc/db_mysqli.php for the MySQLi version, etc. You might be able to use these with your own projects, but might need some slight changes where core variables such as "$mybb" are used that might not be defined in your project.
(2017-01-09, 06:10 PM)Euan T Wrote: [ -> ]The database classes are used to abstract different database engines - MyBB supports MySQL, Postgresql and SQLite, and the database methods make sure we can support the slightly different syntax for all of these with minimum changes required to code.
The classes are found in the files inc/db_*.php - inc/db_mysql.php for the MySQL version, inc/db_mysqli.php for the MySQLi version, etc. You might be able to use these with your own projects, but might need some slight changes where core variables such as "$mybb" are used that might not be defined in your project.
Wow thanks for the helpful information. I was wondering, I only use the MySQL version of MyBB. Which we all know now is subject to SQL injections if not prepared against. Does the MySQLi version of MyBB have the same safety of MySQLi but also the quick ability to insert/update database information? I ask this because I am thinking about working on a new project but want to use prepared statements. However, I think prepared statements take a long time manage.
(2017-01-09, 06:13 PM)Achilles Wrote: [ -> ] (2017-01-09, 06:10 PM)Euan T Wrote: [ -> ]The database classes are used to abstract different database engines - MyBB supports MySQL, Postgresql and SQLite, and the database methods make sure we can support the slightly different syntax for all of these with minimum changes required to code.
The classes are found in the files inc/db_*.php - inc/db_mysql.php for the MySQL version, inc/db_mysqli.php for the MySQLi version, etc. You might be able to use these with your own projects, but might need some slight changes where core variables such as "$mybb" are used that might not be defined in your project.
Wow thanks for the helpful information. I was wondering, I only use the MySQL version of MyBB. Which we all know now is subject to SQL injections if not prepared against. Does the MySQLi version of MyBB have the same safety of MySQLi but also the quick ability to insert/update database information? I ask this because I am thinking about working on a new project but want to use prepared statements. However, I think prepared statements take a long time manage.
It is possible to use prepared statements with the mysqli_* function (and the core PHP MySQLi class), but MyBB doesn't currently use prepared statements unfortunately. We instead use $db->escape_string()
I don't know what PHP version you are currently running, but I'd highly recommend using mysqli over mysql because mysql is deprecated in PHP 5.5 and removed in PHP 7.0.
Prepared statements work best if your script is going to be using the same query at least 3 times otherwise you are making more calls to the database. If you are only using 1 or 2 of a query, it is generally more optimal to escape the data with $db->escape_string() or use array_map on the array.