Flourish PHP Unframework
This is an archived copy of the forum for reference purposes

ORM Problem

posted by melimelo 8 years ago

Hey guys,

I've been trying to exercise myself with flourish and everything is going great cuz it's super well documented and explained. Haven't got any problem so far until I reach the point of Database.

Connecting and querying is simple but I have never seen anything like an ORM / active record before and I have read the doc more than 10 times and tried multiple thing I can't manage to understand how it work.

My database is following the ORM Convention but my problem is that I just don't know what to do at all with it.

So maybe guys you could post a complete simple example for me cuz in the doc it's all split up and can't manage to make work anything.

So how do I check if there is a similar entry like if I wanna check if this email xxx@gmail.com already exist in the DB how do i do it ? (I'm not even sure the ORM can do that)

How do I retrieve/modify/delete a row based on it's primary key ?

Can I add a row with the orm ?

If you could just make me a simple functionnal example with some of the features I would be gratefull.

thanks in advance.

Melimelo

ps: sorry for my poor english it's not my mothertongue

Hi Melimelo

Like you said the flourish lib is very well documented, so I will give you a few examples based on your question, and then perhaps you can look at the documentation again and it will seem more clear.

So basically the idea behind the fORM is to relieve you from writing tons of code for mapping your PHP classes with your database models. Your PHP is object oriented and your database is relational, hence ORM - Object-Relational Mapping.

Usually if you model a problem domain like say 'students' and 'classes' in your database, you would create create IDs in either table and in this way link them together. We say that you will join the tables. The result is a row with the data you need. Join student and classes to get which classes a student attend.

In an object oriented language like PHP (as of 5.3) you would 'simply' call a method to achieve the same like: $student->getClasses().

The ORM will do all the work in between. So basically it makes it possible for you to forget about the database logic and queries (this is of course an exaggeration).

In flourish this works by looking at the database model that you've created. It so you have to create it correctly. You have to setup foreign keys. So that the fORM can 'learn' your model.

Once you've setup your database you can do things like the following.

Create a new student (insert row): 

$student = new Student();
$student->setName('Mona');
$student->store();   // here the row is created

$id = $student->getId();

Fetch a row / an object: 

$student = new Student(5); // will fetch student with primary key 5, it can handle complex primary keys as well.
	
$student = new Student('xxx@gmail.com'); // this only works if the email is the primary key.

Delete a row / an object: 

$student->delete();

If you want to 'search' for objects on values other than the primary key. You mention search by email: 

fRecordSet::build('Student', array('email=' => 'xxx@gmail.com'));  // note the = sign in the array.

See more here: fRecordSet Sorry for not making a functional example. Feel free to ask away.

posted by mblarsen 8 years ago

Oh thanks so much I got a "tilt" with your explaination and can now use it ( it's quite handy).

However i still do have some question :

  • is this secure ? So basicly if you add a row with data cominf from the user is flourish taking care of sql injection or do i need to treat the data before ?
  • imagine you have a register page. You don't want two people with the same nickname do i just send the data and get an exception cuz there is a unique key on it ? Or do i check before if it's the second option how can i check that ? I can make a search by nickname and if i get an exception this mean i can proceed to the registration but this seems really strange to me.

Thanks in advance.

Melimelo

posted by melimelo 8 years ago

Regarding security you should check this part of the documentation http://flourishlib.com/docs/Security

(it also covers your question regarding sql injection)

Regarding the registration page scenario, you will of course need to check the existens of a user by the same name or email or whatever you use as the identifier. Never sites will check this when you leave the input field or after a short break from typing - telling your whether the name is available or not.

/Michael

posted by mblarsen 8 years ago

Sorry double post :S

posted by melimelo 8 years ago

Hello,

Thanks again for all the help I already got. Here is my last question do I need to do such a thing to be sure it's safe or is the setEmail enough ? (I'm really confused) : 

$user->setEmail($db->escape('string', $email));

Thanks in advance.

Melimelo

posted by melimelo 8 years ago

It is safe. You don't have to do anything special.

Flourish applies what it has learned from reading the database scheme, it will ensure that only strings, integers and so on will go into the database.

posted by mblarsen 8 years ago