Which is the best method to use for the CodeIgniter 4 among the Model and the Query Builder class? What are the limitations of the CodeIgniter 4 Model and the Query Builder?
I searched a lot about this question. But I did not get any clear answer. For complex queries currently, I am using the Query Builder class. But I want to know what is the best method among the CodeIgniter 4 Model and the Query Builder class. Your answers are highly appreciated.
It depends on your needs and preferences.
Model class - This is used by extending the base Model class, and you can add your own functions/methods. It is not as flexible as the Query Builder, and it only has pre-defined methods.
Query Builder - Easy to build complex queries. But more room for errors if didn't handle it. Ex SQL injection if you failed to validate it properly.
Related
since my last question in SO, I've been reading a bit about how to prevent sql injection and many people mentioned active records class. but when I google it, it only exists in codeigniter 2.
so my questions are:
is Query Builder Class in codeigniter 3 the upgraded version of Active Record Class or do they serve different purposes?
is it enough (in general) to use Query Builder Class methods like $this->where('field', $foo); instead of $this->where("field = '$foo'"); to prevent sql injection?
P.S. I'm using codeigniter 3 and mysql
1- ActiveRecord was in Codeigniter 2, but in Codeigniter 3 you have QueryBuilder instead. The both classes do same work for you, maybe QueryBuilder is improved version of ActiveRecord. In other frameworks like Yii2, ActiveRecord is an ORM not only query string builder but in CI was simple query builder.
2- Codeigniter will escape all passed parameters automatically but I suggest you validate your inputs before running queries. For example, the value of a numeric id field should be a number, not a string so the rule of ID input should be INTEGER.
You can see Validation in Codeigniter 3 at official documentation: https://www.codeigniter.com/userguide3/libraries/form_validation.html
All works that you should do is pass your field value as a function parameter, not as a string (field and value together). If you want to run your query without QueryBuilder, you must escape your parameters manually. You can get more information about it in Codeigniter documentation:
https://www.codeigniter.com/userguide3/database/queries.html#escaping-queries
The tutorial of zend framework show that I can use Zend\Db\ResultSet\HydratingResultSet to return a model object using the dbAdapter ,select query and a model prototype. But in most case writing the website code I use multi-table query and the hydrator can not fix this problem but just a single table query. How should I deal with this kind of problem.
hydrator doc
And this problem can also happen when encounting the pagination which also only take one prototype.
paginator doc
Depending on the query, you might need a custom ResultSet that knows how to deal with the multi-row potential of a multi table query, and mapping that dataset appropriately.
Additionally, if you find yourself getting into very advanced object relationships with Zend\Db, that might be the time to start considering Doctrine2 (or a similar ORM).
I'm just starting to learn about Laravel and trying to migrate from CI. I have a few simple questions.
Do I have to use eloquent when using a model?
In CI using model you just extends Model. Is there the same to use in Laravel? So far all the docs I found only state that I have to use eloquent if I want to use model. Eloquent is a bit confusing at the moment for me. So I just want to use simple query builder in my model.
I guess number 1 and 2 questions are somehow related.
You can use fluent:
DB::table("...");
Eloquent, which is based on PDO is ORM and more abstracted from raw queries.
Eloquent is a great tool, so I recommend familiarizing yourself with it if you get the chance.
You can build queries on your own using Laravel's query builder.
Read up on it here, I hope this answers your question and sorry if I misunderstood!
http://laravel.com/docs/queries
Good luck!
I think you can`t create a model without extends eloquent like laravel 4 Doc
class User extends Eloquent {}
because a model in laravel based into eloquent ORM unlike CodeIgniter
If you need to deal with database tables with creating models ,you can use DB class
like laravel 4 Doc
DB::select('') and DB::table('')
I am developing my first YII website. I have a couple of doubts about YII database.
There are three methods to query database in yii.
Database Access Objects
Query Builder
Active Record
Out of these three methods which is the secure and most preferred method?
If I have custom queries to perform which method should I prefer?
In case of Query Builder queries we explicitly choose table like
$user = Yii::app()->db->createCommand()
->select('id, username, profile')
->from('tbl_user') // explicitly choosing the table
->join('tbl_profile p', 'u.id=p.user_id')
->where('id=:id', array(':id'=>$id))
->queryRow();
so where should I write query builder queries? Is there any advantage if I write them in corresponding table model?
If I use DAO or query builder what class should extend my model?
How to validate user inputs if I follow DAO method or query builder method?
Depends. All are equally secured if you know how to use them securely.
DAO. That's my opinion though.
In the models.
There are two main model classes in Yii. CFormModel and CModel. For queries, extend the class with respect to CModel.
Just a note at the end. DAO is the fastest among them. Active record is slowest. On the other hand, active record is more convenient. You are the one who needs to decide what should be the balance.
You can use CActiveRecord for all your requirements.
how do you handle middle sized projects with PHP and Zend Framework. Do you use Zend DB Table / Row for your Models and Database operations ? Or do you have some kind of Abstract Model class with your SQL Statements ?
I would like to hear some opinions, thanks.
I'd recommend Zend_Db_Table and Row for basic handling of database stuff. It's not very advanced (see Doctrine for a full ORM) but is a good way to encapsulate functionality and you can add custom functionality to Row objects.
You can always add raw SQL methods to your models:
class MyModel extends Zend_Db_Table_Abstract {
public function getSomething(){
return $this->getAdapter()->fetchAll("SELECT * FROM `tbl`");
}
}
We personally use Zend_Db_Select() in models in our company. It's because we use many joins and stuff in our ecommerce software. For simple apps is Zend_Db_Table suitable.
I've been using Doctrine lately for the DB layer and haven't looked back. I found it simple to populate object graphs from the DB. Other solutions were too cumbersome in dealing with relationships for my liking.
My domain model sits above the DB layer and manages the business logic.
It really depends on your domain model though. The current version of Doctrine requires all models to extend a class, so it's not suitable if you need model inheritance. Also, it's only suitable if your model is similar to your DB structure.