We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Fetching data whats best? | Forum

Topic location: Forum home » Support » General Questions
Marcus
Marcus May 25 '19
Guys what is the difference between fetching data directly from the init.php or controler vs using service.php and then dao.php.

Could that somehow have an impact on the performance?
Oxwall Türkiye
Oxwall Türkiye May 25 '19

The contents of the service handles the protocol structure and permissions of the data used.

init path admin and user can be changed and control ways available. Init content is included in the annotations and road map as well as invitations (Permissions).

DAO: Data connection module area

Event: data permissions

Marcus
Marcus May 25 '19
Thanks. Are you saying that its bad practice to fetch data directly from the file bypassing service and dao? 

Im fetching table directly from the init.php by colling OW::dao->query(select.....). Dont remember the exact structure case im using my cellphone.

Can that slow the site?
The Forum post is edited by Marcus May 25 '19
Oxwall Türkiye
Oxwall Türkiye May 25 '19

Data table creation and deletion.

Abundant Folder:

event.php (Here is the privacy of the sutular to be used in the data table. Example: stay-book-table. Specify the privacy so that they can be added and removed.)

event_dao: Data table connection 3 stages.

1-Create 2-Replace 3-Remove.

You must select the columns that can be used in the event.php in the table with the linked data table operation. Otherwise, you may experience problems.

Merge the kernel system in the data table that connects with the services.php and set the kernel permissions.


class folder:

A management template is created for all permissions used within the site in the event.php content. This page links with the kernel and other links.


provider.php security fields user security, admin security, writable area. Nesler movement safety. Post process security of the forum printing process occurs here.




The connection used in the init is at the stage of creation. The loaded data table of the add-in used. Combination EXAMPLE: Determining the usage quota allowed by the administration on the Admin page. In this field, all of the connexions are triggered in the service.php.

Marcus
Marcus May 25 '19
Wow amazing that explains a lot. No shortcuts next time gorra do it right. Thanks alot.
Patricia Zorrilla Leader
Patricia Zorrilla Jun 24 '20

Quote from Antonio T When i use php 7,2 or 7,3 on event i have trouble  line 108 any answer ?
You have to use PHP 5.6

If not, you will get multiple errors, warnings and erratic behavior.

You can also install the latest version of the events plugin:

https://github.com/oxwall/event
but it will still get errors from other parts of the script

The Forum post is edited by Patricia Zorrilla Jun 24 '20
dave Leader
dave Jun 24 '20

Antonio please start a new topic, thanks


Marcus, to answer your question simply, its all about security and following the model. The model is written this way for a reason and one of the main reasons is to protect exactly what you just did, which bypasses that security.


Here is a simple example:


You own a car and inside that car you have a safe. There are only 2 people that have access to that safe.  One is a person named safe_service.php and the other is a person named safe_dao.php


What this means is that someone might be able scratch the car, or maybe even break the class, but the only way they can bypass the alarm of the car is to use proper access method.


The php classes have permissions on them, public/private/protected.  These permissions are used to allow only certain classes to access the database, that is by design using the MVC (Model - Controller - View) environment model.


Oxwall still needs to work on this model more to close those gaps so that you will not be able to access data from just any file directly.  But the way it should work is like this...


Request data directly from any other place other than inside the bol folder - denied


Meaning that any direct request inside the init file or other file outside of the bol folder should be denied with error.


The proper way is to first call the function inside the service file which acts as a subway station for lack of a better example, for the plugin.  


$whatever = $this BOL Service..... and so on


Then the service file has direct access to the dao file which has direct access to the database connection. 


Remember "dao - this is where my queries go"  lol


And then the data travels back (via returns) from the dao to the service and then to the requesting function in the lower php file. 


This provides security that only certain direct paths to the database are open.  Now what you have discovered is that Oxwall still needs work on those permissions to improve them. 


However just because you can do it inside of the init file, does not mean you should.. Every one should still use the proper method even though there are repairs to be made.


As an example: In my WSS software project, one cannot request anything directly from the data base, try a query in any other file other than the right class and it will blow up errors. It only allows the data to travel in a certain pathway and it cannot be sidestepped. 


I will not approve any plugins that have sql queries anywhere other that in the BOL folder or the basic required queries in the install file.


This is the way Oxwall will also be one day if developement continues.


I hope that helps... :)



The Forum post is edited by dave Jun 24 '20
dave Leader
dave Jun 24 '20
Antonio i have your answer for you to correct that error if you start a new topic i will reply.
Moller
Moller Jan 4
Use the eSIM services from TopUp-Balance Mobile to start a smooth mobile journey. With the quick activation and flexible plan management provided by this state-of-the-art technology, physical SIM cards are no longer necessary. Explore the world of connectedness in the future, when eSIM convenience replaces the limitations of conventional SIM cards. Throughout your mobile adventure, Buy eSIM for bitcoin guarantees a seamless transition into the digital age. Reimagine your connection and discover the universe of possibilities with eSIM.