[Deprecated] DMZ 1.5.3 (DataMapper OverZealous Edition)

[eluser]OverZealous[/eluser]
[quote author="someoneinomaha" date="1252202053"]I'm really enjoying working with DMZ so far... thanks for the great library.[/quote]

Thanks for your support!

Is there any protection against SQL injection?

Everything that DMZ does to the database runs through Active Record. This means that all values are escaped (preventing SQL injection). Column names are not escaped, however, but you should never accept any sort of SQL from the client anyway.

FYI: $this->input->post() does not provide any sort of SQL injection protection. It merely is a shortcut to handling whether a field was returned, or if not, it returns FALSE. (See here.)

Using the input->post method with the optional second parameter set to TRUE will perform XSS cleaning, but that also provides no SQL injection protection. XSS is a different (and more subtle) form of attack. DMZ handles XSS cleaning through validation rules, namely 'xss_clean'.

[eluser]12vunion[/eluser]
[quote author="OverZealous" date="1252141208"]
Update:
I implemented the option, which will be released soon. I decided to go with the default behavior being indexed arrays, and the option being the old style array. The ID-indexed arrays can cause problems (in my experience), so I think it is better to be manually enabled.[/quote]

I knew {all} is an array, but didn't know it was indexed by id. Does seem a little weird to do it that way since chances are that you don't know the ids of the objects you just grabbed and you might not always want to iterate through them; or loop in some other way. The config option sounds like a good compromise. Very excited about this.

PS -- Thanks for the hard work. I love getting to use an ORM in CodeIgniter.

[eluser]emorling[/eluser]
Sorry, for being a total idiot. I can't login or reset the Squash Example.

[eluser]OverZealous[/eluser]
[quote author="emorling" date="1252296105"]Sorry, for being a total idiot. I can't login or reset the Squash Example.[/quote]

Simplest solution is to just recreate the database! ;-)

Or, go to your DB management tool, and run this:

Code:

DROP TABLE bugs_categories CASCADE;
DROP TABLE bugs_users CASCADE;
DROP TABLE dependencies_dependents CASCADE;
DROP TABLE bugs CASCADE;
DROP TABLE categories CASCADE;
DROP TABLE comments CASCADE;
DROP TABLE groups CASCADE;
DROP TABLE statuses CASCADE;
DROP TABLE users CASCADE;

Or something similar.

When presented with an empty database, the sample app recreates itself. The real value in the sample app is example code, however, not that it works great or anything

[eluser]Oblique[/eluser]
Plural name of advanced relation

Looks like DM has no way to make join table be named properly (children_parents) in cases like this one:

Code:

class Referenceitem extends DataMapper {

    var $has_many = array(
        'file',
        'child' => array(
            'class' => 'referenceitem',
            'other_field' => 'parent'
        )
    );
    var $has_one = array(
        'parent' => array(
            'class' => 'referenceitem',
            'other_field' => 'child'
        )        
    );

    function  __construct($id = null)
    {
        parent::__construct($id);
    }
}

[eluser]PoetaWD[/eluser]
Hello Guys !

I think I found a BUG !

I just started working with the deep relationships ! AWESOME work I have to say phil ! It works like a glove ! Thanks !

But it seens to be a problem when including all the fields from a related object like:

Code:

$obj = new Company();
            $obj->include_related('presponsavel/cpf', 'stNumero');
            $obj->include_related('presponsavel/rg', 'stNumero');
            $obj->include_related('presponsavel/oab', 'stNumero');
            $obj->include_related('presponsavel/enderecoprincipal', array('nmCep','stLogradouro','nmNumero ','stComplemento','stBairro','stCidade', 'stEstado','isAtivo','created','updated'));  //THOSE ARE ALL THE FIELDS FROM THE TABLE
            $obj->where('id',$this->uri->segment(3));
            $obj->get();

So.. it would be easier just to do this:

$obj->include_related('presponsavel/enderecoprincipal','*'); --> That should include all the fields... but it doesnt...

It give me this error:

Code:

A Database Error Occurred

Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '`) LEFT OUTER JOIN `pfisicas` as presponsavel_pfisicas ON `presponsavel_pfisicas' at line 1

SELECT `companies`.*, `presponsavel_cpf_documentos`.`stNumero` AS presponsavel_cpf_stNumero, `presponsavel_rg_documentos`.`stNumero` AS presponsavel_rg_stNumero, `presponsavel_oab_documentos`.`stNumero` AS presponsavel_oab_stNumero, `presponsavel_enderecoprincipal_enderecos`.` AS presponsavel_enderecoprincipal_ FROM (`companies`) LEFT OUTER JOIN `pfisicas` as presponsavel_pfisicas ON `presponsavel_pfisicas`.`id` = `companies`.`presponsavel_id` LEFT OUTER JOIN `documentos` as presponsavel_cpf_documentos ON `presponsavel_cpf_documentos`.`id` = `presponsavel_pfisicas`.`cpf_id` LEFT OUTER JOIN `documentos` as presponsavel_rg_documentos ON `presponsavel_rg_documentos`.`id` = `presponsavel_pfisicas`.`rg_id` LEFT OUTER JOIN `documentos` as presponsavel_oab_documentos ON `presponsavel_oab_documentos`.`id` = `presponsavel_pfisicas`.`oab_id` LEFT OUTER JOIN `enderecos` as presponsavel_enderecoprincipal_enderecos ON `presponsavel_enderecoprincipal_enderecos`.`id` = `presponsavel_pfisicas`.`enderecoprincipal_id` WHERE `companies`.`id` = '18'

I think this is a BUG... because it works perfectly in the non-deep relationships.

I hope I helped !

[eluser]Mirage[/eluser]
Does the html form generator support rendering checkboxes inline (in one row)? The multifield syntax doesn't seem to work for me:

Code:

$render_form = array (
        'name' => array(
            'size' =>80
        ),
        'title',
        'message' => array(
            'type' => 'textarea',
            'rows'  => 6,
            'cols' => 80
        ),
        array (
            'row_options' => array (
                'label'=> 'Which colors do you like'
            ),
            'coloroptions' => array (
                'type' => 'checkbox',
                'name' => 'coloroptions[]',
                'list' => array (
                    'green' => 'Green',
                    'red' => 'Red',
                    'yellow' => 'Yellow',
                    'blue' => 'Blue'
                )
            )  
        )
    )
);

coloroptions is a non-db field. Instead of rendering it's values in a single row it oddly takes it out of the order and renders them as one per row at the top of the form.

What are my choices here if this is not a bug?
- a custom field template for this field?
- a custom row template for the row?
- adding all the checkboxes as their own field rather than using the 'list' functionality?

Thanks,
-m

[eluser]BrianDHall[/eluser]
I have a question - is there any method, magic or otherwise, that would allow setting a datamapper object property to a value with a function? For instance, I have:

Code:

$details = new Imagedetail();
$details->filesize = $imgsize;
$details->width = $imginfo[0];
$details->height = $imginfo[1];
$details->mime = $imginfo['mime'];

I would prefer to have:

Code:

$details = new Imagedetail();
$details->set_filesize($imgsize)
->set_width($imginfo[0])
->set_height($imginfo[1])
->set_mime($imginfo['mime']);

Basically I would like to use method chaining magically, but I don't want to have to go to the work of creating a set_ function for every property in every model I have.

Is there something I could do to create this, or perhaps an addition of a magic function that could be made hidden inside DMZ?

I'm not very familiar with the magic functions of PHP5 anymore, but you seem to be a master at it

[eluser]OverZealous[/eluser]
[quote author="Oblique" date="1252420034"]Looks like DM has no way to make join table be named properly (children_parents) ...[/quote]

This isn't because you are using advanced relationship (advanced relationships are usually stored on the normal join table), but instead because this is a self-relationship. Self relationship tables are named after the pluralized form of the relationship name.

In this case, I believe the name becomes childs_parents. It's not pretty, but it's what you get with automated naming.

See Naming Self-Relationship Tables.

[eluser]OverZealous[/eluser]
[quote author="PoetaWD" date="1252440349"]I think this is a BUG... because it works perfectly in the non-deep relationships.[/quote]

Yup, it's a bug. Thanks for finding it. I was looking up the field names too early.

Sorry about that, I'll get it fixed for the next release. I also added a check in to make sure it didn't throw a DB error. Now it logs a debug-level message. (I figure it might make sense to have the ability to dynamically pick which columns to include, optionally including none.)