I’ve been using ThingEngineer’s wrapper for many years – it was just super handy and practical for my small projects.
A few years back I already thought:
“Someone should really rewrite this thing using PDO…”
Because honestly, most of the other PDO wrappers I found were either too clunky or would’ve taken too much effort to migrate all my existing projects.
So a few days ago, I had this brilliant idea to just do it myself.
At first, everything went great – I was motivated, got the basic structure working, tested a few things and thought:
“Yeah! This is working nicely!”
Then I randomly looked through the issues in the original project –
…and saw one about SQL injections in where().
I was like: “Wait, what?”
Ran a quick test – and yeah, damn… mine was vulnerable too 😑
So I started patching filters. First the usual way – then came the idea to add typed where*() methods.
Now the original where() still works (for full compatibility), but the new versions are much safer.
I ended up applying similar improvements for orderBy, groupBy, and a few other areas too.
But let’s be real:
The number of edge cases you could test here is basically infinite – and I’m doing all this in my spare time, just for fun.
At some point I honestly thought:
“Who even needs this anymore? Everyone’s probably using Symfony or Laravel by now…” 😅
But hey – the wrapper is out now.
I’ve tried to stay close to the original class, just rebuilt on PDO, with improved security and a few extra features.
Whether it’s truly stable or not… well, that’s something time (and testing) will tell.
That’s why I’d really appreciate it if a few people could take a look, give it a try, and maybe share some feedback.
And no worries:
Criticism is welcome – preferably with a constructive idea or even a PR 😄
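As an added illustration of the where() problem and the typed where*() idea described above (this is not the post's wrapper code, which is not shown here), assuming the injection vector is an unvalidated column name or operator interpolated into the SQL text while values are already bound, and that PHP 8 with pdo_sqlite is available:

```php
<?php
// Added example, not code from the original post or its PDO wrapper.
// Assumption: where() became injectable by dropping the column name and
// operator into the SQL string verbatim; only the value was ever bound.
function unsafeWhere(string $column, string $op, mixed $value): array
{
    return ["WHERE $column $op ?", [$value]];   // $column / $op are attacker-controllable text
}
final class SafeWhere
{
    private const OPERATORS = ['=', '<>', '!=', '<', '<=', '>', '>=', 'LIKE', 'NOT LIKE'];
    // Identifier allow-list: bare name or table.column, then backtick-quoted.
    private static function quoteIdentifier(string $name): string
    {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/', $name)) {
            throw new InvalidArgumentException("Invalid identifier: $name");
        }
        return '`' . str_replace('.', '`.`', $name) . '`';
    }
    // Typed variants: the PHP type fixes the PDO parameter type at bind time.
    public static function whereInt(string $column, string $op, int $value): array
    {
        return self::build($column, $op, $value, PDO::PARAM_INT);
    }
    public static function whereString(string $column, string $op, string $value): array
    {
        return self::build($column, $op, $value, PDO::PARAM_STR);
    }
    private static function build(string $column, string $op, mixed $value, int $type): array
    {
        $op = strtoupper(trim($op));
        if (!in_array($op, self::OPERATORS, true)) {          // operator allow-list
            throw new InvalidArgumentException("Unsupported operator: $op");
        }
        return [sprintf('WHERE %s %s ?', self::quoteIdentifier($column), $op), [[$value, $type]]];
    }
}
// Usage against an in-memory SQLite database so it runs offline (constructed sample data).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER, name TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");
[$clause, $params] = SafeWhere::whereInt('id', '=', 1);
$stmt = $pdo->prepare("SELECT name FROM users $clause");
foreach ($params as $i => [$value, $type]) {
    $stmt->bindValue($i + 1, $value, $type);
}
$stmt->execute();
echo $stmt->fetchColumn(), PHP_EOL;
// A column such as "id = 1 OR 1=1 --" is rejected by quoteIdentifier() before any SQL is built.
```

The allow-lists are deliberately narrow; a wrapper that needs functions or expressions in where() should expose them through separate, explicitly named methods rather than widening the identifier check.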