An explanation of the 'Escape' function.

written 5043 days ago

After using POG for the first time, you’ll notice that some parts of your information stored in the database have been converted to Base64 before being saved. Upon retrieval of the information, the object converts the data back into its original form. So, in effect this escaping and unescaping of information is transparent to the programmer, unless you look at the database directly.

For example, let’s assume I create an object to store user login information. My object attributes are as follows:

object name = User
attribute1 = username
type1 = varchar(255)
attribute2 = password
type2 = varchar(255)
attribute3 = age
type3 = int(4)

After my `user` object has been created by POG, I use it in my code as follows:

$user = new User();
$user->username = "joel";
$user->password = "password";
$user->age = 24;
$user->Save();

The `Save` command maps the user object into a user table and stores the information as follows:

------  --------  ------------  ---
userid  username  password      age
------  --------  ------------  ---
1       am9lbA==  cGFzc3dvcmQ=  17
You’ll notice that the username and password variables were escaped before they were saved, whereas the age variable wasn’t. This happened because POG only escapes mixed data and leaves numeric data unescaped. By escaping mixed data for you, POG makes your web application more secure: Base64 output contains only letters, digits, `+`, `/` and `=`, so an encoded value can never contain a quote character that would end the string literal in the SQL statement. This prevents injection-type attacks on your web app.

We chose base64 because in our opinion, it’s the most convenient. It allows us to store and retrieve entire html pages to and from our database without breaking any sql statements. If we ever need to check what’s in the database, we use an online base64 decoder/encoder.

UPDATE: As from POG 1.6, a setup script is provided with every object. This setup script, amongst other things, provides an interface to the database table abstracted by your PHP objects. Using this interface, the developer can browse, edit and delete objects in the database. Therefore, using this interface allows the developer to take a look at the data in a non-encoded form. Check this video for more information.

The beauty in all this, I suppose, is that you don’t have to use base64 to escape your information. There are two functions in the database class provided by POG, Escape($text) and Unescape($text), that you can modify to change how POG saves your information.

For example, if you want POG to save everything supplied to it as-is, simply comment out the contents of the functions. Or you can also make POG encrypt your information by using the PHP Crypt() function. The choice is yours.
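
A stand-alone sketch of the behaviour described above, added here as an example; it is not POG's generated code. The function names, the `user` table layout and the sample values are assumptions made for the illustration. It builds the same INSERT with a base64 `Escape` and with an as-is `Escape`, then counts the single quotes in each statement.

```php
<?php
// Hypothetical stand-ins for the Escape/Unescape pair described above.
function escape_b64(string $text): string
{
    return base64_encode($text);
}

function unescape_b64(string $stored): string
{
    $decoded = base64_decode($stored, true); // strict mode rejects bytes outside the alphabet
    if ($decoded === false) {
        throw new InvalidArgumentException('stored value is not valid base64');
    }
    return $decoded;
}

// "As-is" variant: the value reaches the statement unchanged.
function escape_raw(string $text): string
{
    return $text;
}

// Concatenates an INSERT the way a string-built query would (constructed table layout).
// $age is not encoded, so the int type declaration is what keeps it numeric here.
function build_insert(callable $escape, string $username, string $password, int $age): string
{
    return "INSERT INTO user (username, password, age) VALUES ('"
        . $escape($username) . "', '" . $escape($password) . "', " . $age . ")";
}

// A well-formed statement from build_insert() contains exactly four single quotes.
function quote_count(string $sql): int
{
    return substr_count($sql, "'");
}

// Constructed sample values: plain text, an apostrophe, an HTML fragment.
$samples = ["joel", "O'Brien", "<a href='/'>home</a>"];

foreach ($samples as $value) {
    $encoded = build_insert('escape_b64', $value, 'password', 24);
    $raw     = build_insert('escape_raw', $value, 'password', 24);
    $roundTrip = unescape_b64(escape_b64($value)) === $value ? 'ok' : 'FAILED';

    echo "input: {$value}\n";
    echo "  base64: {$encoded}\n";
    printf("          quotes=%d round-trip=%s\n", quote_count($encoded), $roundTrip);
    printf("  as-is:  quotes=%d%s\n", quote_count($raw), quote_count($raw) === 4 ? '' : ' (string literal broken)');
}
```

Any replacement pair has to pass the same round-trip check: what `Unescape` returns must equal what was handed to `Escape`.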

that’s an interesting approach!

if the escape/unescape functions are commented out, are the strings still quote-escaped for the database (addslashes() etc)?

(i suppose i could download the source code and see for myself, heh…)
bunnyhero    Nov 22, 11:02 AM    #

Hi bunnyhero. No, if you comment out the escape functions, POG would try to insert/retrieve your data as-is. The strings wouldn’t be quote-escaped. However, you can simply modify the functions so that they Addslashes and Stripslashes instead of base64_encode & base64_decode. Cheers.
Joel    Nov 22, 11:10 AM    #

I was thinking about a proper way to store data. Base64 isn’t so good, because you aren’t able to search the data without decoding it, plus you have about 30% overhead. Wouldn’t a binary data format be better?
Gabor Tóth    Jan 5, 12:57 AM    #

Agreed Gabor, the encode/decode mechanism POG employs by default will not suit everyone’s needs. Please read Mark’s comments at the bottom of this article for more explanation as to why we chose base64.

Moreover, as from POG 1.6, there’s an interface to the database which automatically decodes the information, allowing you to peruse your data at your own leisure. Check out this video for more information.

Also, as mentioned in the article above, you can always change the way the Escape/Unescape functions work, and choose your own encoding/decoding mechanism, whether it be mysql_real_escape_string or even encrypting/decrypting methods provided by PHP.
Joel    Jan 5, 03:37 AM    #

As from POG 2.0, database encoding can easily be turned off by setting
$configuration['db_encoding'] = 0 in configuration.php

Joel Wan    Aug 15, 08:50 AM    #

I’m sorry, I’m VERY new at this. I’d like to turn off the encoding. Adding the line you mentioned to the configuration.php file did not turn off the encoding and I am unclear exactly which lines to comment out.

Evelyn    Sep 4, 05:53 AM    #

All objects and configuration files generated using POG 2.0+ will have a line in the configuration.php that says $configuration['db_encoding'] = 1. Simply change this to 0.

Joel    Sep 4, 07:38 AM    #

About Php Object Generator
This is a weblog about the Php Object Generator (POG) project, OO PHP, databases and Php code generators in general.

Php Object Generator, (POG) is an open source PHP code generator which automatically generates clean & tested Object Oriented code for your PHP4/PHP5 application.
