Add in Coding Standards Docs for PHP and SQL #222
Conversation
|
I'll take a look! But are you sure that was me talked at Ft Collins? I am ... less certain. |
|
I gave up on my review and PR'd my feedback as seamuslee001#1 |
|
+1 for the practice of submitting feedback as a PR! 🙂 I'll look at this too... soon, but not right now. |
docs/standards/sql.md
Outdated
| $genderId = 2; | ||
| $result = CRM_Core_DAO::executeQuery("SELECT FROM civicrm_contact WHERE display_name like %1 AND gender = %2", array( | ||
| 1 => array('%' . $name . '%', 'String'), | ||
| 2 => array($genderId, 'Integer'), |
There was a problem hiding this comment.
For non-SQL reasons, I'm not a fan of CiviCRM's storage of gender data. Maybe is_opt_out would be equally effective at demonstrating parameterization?
docs/standards/sql.md
Outdated
|
|
||
| When writing SQL developers should be concious to try to always ensure that all variables that are passed into the SQL are done in a safe and secure maner. | ||
|
|
||
| In CiviCRM the best way is to use the inbuild paramatisation tools to do the job. |
There was a problem hiding this comment.
"inbuilt", "parameterization"
docs/standards/sql.md
Outdated
| @@ -0,0 +1,24 @@ | |||
| # SQL Coding Standars | |||
|
|
|||
| When writing SQL developers should be concious to try to always ensure that all variables that are passed into the SQL are done in a safe and secure maner. | |||
|
ignore that review - yeah the PR was way better flow! |
docs/standards/sql.md
Outdated
| 1 => array('%' . $name . '%', 'String'), | ||
| 2 => array($optedOut, 'Integer'), | ||
| )); | ||
| ``` |
There was a problem hiding this comment.
This is certainly the material we need to present for common queries.
docs/standards/sql.md
Outdated
|
|
||
| The variable types available for this can be found in [CRM_Utils_Type::validate](https://github.com/civicrm/civicrm-core/blob/master/CRM/Utils/Type.php#L378). The query engine then applies appropriate escaping for the type. | ||
|
|
||
| In some circumstances you may find that a complex query is easier to build by directly escaping values using the `CRM_Utils_Type::escape()` method. It's preferable to use the form above. |
There was a problem hiding this comment.
For complex query building, I think that we're inviting trouble if we suggest that people use DAO. I'd rather point towards:
https://github.com/civicrm/civicrm-core/blob/master/CRM/Utils/SQL/Select.php#L33
There was a problem hiding this comment.
Since the topic of complex query-building came up, I'm ready to cave on the purity of CRM_Utils_SQL_Select... civicrm/civicrm-core#10686
There was a problem hiding this comment.
@totten i have attempted to put some docs in let me know what you think.
seamuslee001
force-pushed
the
coding_standards
branch
2 times, most recently
from
6188b5d
to
f46b8f9
Compare
… CRM_Utils_SQL_Select Fix example
seamuslee001
force-pushed
the
coding_standards
branch
from
f46b8f9
to
acbfda9
Compare
Migration was done by Seamus. This commit simply adds the redirect
|
@seamuslee001 thanks for this work. This stuff is really great! I made some small improvements:
|
|
Given @totten's concerns about suggesting that people use the DAO, we are now waiting on @totten to either:
I will merge this PR in 5 days if there are no further comments. I think that right now this content is "better in than out". Reading this page was actually the first time I had ever heard about |
|
I agree. This is a good improvement to the docs, and it's better in than out. |
|
@seanmadsen yep your changes are good mate, I just flowed on from the previous, I think it would be good if we could get a redirect @totten @mlutfy https://wiki.civicrm.org/confluence/display/CRMDOC/PHP+Code+and+Inline+Documentation to https://docs.civicrm.org/dev/en/latest/standards/php/ now |
|
@seamuslee001 the redirect happens automatically when we add it to the book's redirect file as I did in this commit, but it's not instantaneous. Apparently there's roughly a 10 minute delay. So, no further action should be needed here. |
|
@seanmadsen ahhh cool :-) |
|
@JoeMurray Joe i think an example would be probably which is something i have seen in one of our custom modules A developer realises they are going to be using the same base block of sql in multiple places so rather than writing it in each they generic block is put into a helper function where it builds joins + some of the where perhaps but then is fed out to the out functions where its put together with some more sql probably more where clauses and then run through the CRM_Core_DAO::executeQuery, So in this case in that helper function it would make sense to use the CRM_Utils_Escape:; if your only wanting to send back an SQL string. I can also point to this example in the current codebase as a situation https://github.com/civicrm/civicrm-core/blob/master/CRM/Mailing/Event/BAO/TrackableURLOpen.php#L58 i think Chris or Tim talked with Mathieu when coming up with the appropriate escaping strategy in Colarado last year. |
Ping @seanmadsen @xurizaemon Chris are you able to check the SQL one to see if it makes sense i know that you did a talk on writing proper SQL code at the code sprint in Fort Collins last year and just want to make sure its consistent, Sean can you check if i have got the style / phrasing right i think so but just would appreciate a good review.