Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Discussion about Hard Coded Database Tables


Recommended Posts

Database tables' names are hardcoded in line 36 of catalog/includes/modules/boxes/bm_specials.php, it should be changed to

      if ($random_product = tep_random_select("select p.products_id, pd.products_name, p.products_price, p.products_tax_class_id, p.products_image, s.specials_new_products_price from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_SPECIALS . " s where p.products_status = '1' and p.products_id = s.products_id and pd.products_id = s.products_id and pd.language_id = '" . (int)$languages_id . "' and s.status = '1' order by s.specials_date_added desc limit " . MAX_RANDOM_SELECT_SPECIALS)) {
Link to comment
Share on other sites

@ - database names and filenames should be hardcoded.  

 

/includes/filenames.php and /includes/database_tables.php are deprecated.

 

Deprecated as a general osC policy? Do you mean that these files will be suppressed in next versions of osC and file and table names will be hardcoded everywhere and thus not changeable?

Link to comment
Share on other sites

Deprecated as a general osC policy? Do you mean that these files will be suppressed in next versions of osC and file and table names will be hardcoded everywhere and thus not changeable?

yes, that is apparently the current line of thinking, personally I don't like it either as I rely on some level of abstraction for the database.

I personally don't have issues with the filenames being hardcoded - maybe we should organize a community poll ?

KEEP CALM AND CARRY ON

I do not use the responsive bootstrap version since i coded my responsive version earlier, but i have bought every 28d of code package to support burts effort and keep this forum alive (albeit more like on life support).

So if you are still here ? What are you waiting for ?!

 

Find the most frequent unique errors to fix:

grep "PHP" php_error_log.txt | sed "s/^.* PHP/PHP/g" |grep "line" |sort | uniq -c | sort -r > counterrors.txt

Link to comment
Share on other sites

yes, that is apparently the current line of thinking, personally I don't like it either as I rely on some level of abstraction for the database.

I personally don't have issues with the filenames being hardcoded - maybe we should organize a community poll ?

Changing the file names may make sense for a store whose default language is other than English, and unique table names may provide a little extra protection against SQL injection attacks. A poll seems a good idea.

Link to comment
Share on other sites

Changing the file names may make sense for a store whose default language is other than English, and unique table names may provide a little extra protection against SQL injection attacks. A poll seems a good idea.

 

There will be no poll and no further discussion about it.

Link to comment
Share on other sites

Deprecated as a general osC policy? Do you mean that these files will be suppressed in next versions of osC and file and table names will be hardcoded everywhere and thus not changeable?

 

The reason is index.php based core where no other files to use in catalog. No reason for file names. Files will become module classes. No admin files no catalog files. No file names.

 

 

You will be able do more effective URL SEO than before by languges.

:blink:
osCommerce based shop owner with minimal design and focused on background works. When the less is more.
Email managment with tracking pixel, package managment for shipping, stock management, warehouse managment with bar code reader, parcel shops management on 3000 pickup points without local store.

Link to comment
Share on other sites

@@Gergely, that makes a lot of sense, but table names is a different issue. I agree that this thread is not the place to discuss it, but maybe you can give a good reason in short as you did for filenames, or link to somewhere else it's dealt with.

Link to comment
Share on other sites

Some pros and cons of putting file names and table names into macros (defines)

 

+  provides some flexibility that file names and table names could be changed if desired for some reason

+  provides a level of abstraction that makes such names stand out in code

+  by having all names in one place, it makes it easier to avoid accidentally repeating a name for a different purpose (PHP can catch duplicate define names)

+  name could be changed more easily if you need to integrate with other code (e.g., different table names for a sitewide common sign-on)

 

-  very few store owners would bother to change "admin" for security reasons, so I doubt they'll change other files or table names

-  is there any real point to localizing names (non-English languages), since the code is still English (keywords, variable names, comments, and even the define names themselves)?

-  slight performance hit, as the defined name has to be looked up and substituted during compile, in addition to extra string concatenation operations

 

Any others?

Link to comment
Share on other sites

The issue of table names has been discussed before. I tried to get Harald to give a reason for making this change. He kept dodging the question. I suspect that there is no reason other than "I want to". Unfortunately that seems to be the way osCommerce is being run.

 

I guess the moral is: "Stop asking. You won't get an answer, and nothing is going to change."

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

Looks like there is further discussion, greeeatttttttttttt  :rolleyes:

 

The reason for deprecating the two files is so that shopowners do not have to amend that core file when they add in addons.  Simple really.  

You want to rename a file or a database table?  It takes less time to do that sitewide, than it will for me to write this post. 

 

If I did not just go ahead and do things - there would have been no progress so far - no-one else stepped up to the plate a year ago and said "let's do this".

 

I ask for peoples input, I get little in return, save for a couple of guys who "get it".  

I ask for peoples help to code, I get nothing in return, save for a couple of guys who "get it".    

I ask for people to test things, I get nothing in return, save for a couple of guys who "get it".    

 

What is so hard to understand;

 

If you give nothing, you get what you're given, when it's given.  

Alternatively you can keep on posting random crap about how osCommerce is so bad and how osCommerce doesn't listen and how osCommerce developers are useless and blah blah blah.  

Alternatively, you can start having positive input and help to bring osCommerce out of the Dark Age.

Link to comment
Share on other sites

It finally dawned on me this morning- it is to facilitate extensions to oscommerce without having to touch the core code, otherwise any silly addition would still require a core code change - exactly what we do not want ...

KEEP CALM AND CARRY ON

I do not use the responsive bootstrap version since i coded my responsive version earlier, but i have bought every 28d of code package to support burts effort and keep this forum alive (albeit more like on life support).

So if you are still here ? What are you waiting for ?!

 

Find the most frequent unique errors to fix:

grep "PHP" php_error_log.txt | sed "s/^.* PHP/PHP/g" |grep "line" |sort | uniq -c | sort -r > counterrors.txt

Link to comment
Share on other sites

I mean, the first 11 posts of this thread were first published in http://www.oscommerce.com/forums/topic/399514-bugs-in-gold-version-of-234-responsive/ and later @@burt moved them here.

@@burt, I understand you feel disappointed and uncredited for your effort, and I'm sorry for having contributed to that, in part due to my lack of experience here.

Anyway, I want to say that I still consider the hardcoding I mentioned as a "bug" in the sense that you claim to mirror osC 2.3.4 and you're not doing so in this point. If I know that in conventional 2.3.4 I can change table names and reflect the new names in /includes/database_tables.php, I expect that I'm able to the same in the bootstrap version. That's how I found the issue: because it didn't work. That this will work differently in future versions of osC is a different issue.

Link to comment
Share on other sites

@ - database names and filenames should be hardcoded.  

 

/includes/filenames.php and /includes/database_tables.php are deprecated.

 

Related readings:
Link to comment
Share on other sites

What is needed is for osCommerce to become more popular. That way, it will attract more coders, who will provide more add ons and themes, which will make osCommerce more functional, which will lead to more sales for shop owners.

 

The only way to make osCommerce more popular is to make it easy to use for the average non technical webmaster.

 

In the past, and even up till now, the base code has been relatively easy to install but hard to alter - which has come at a cost. Haphazard add on development, with changes to the core code that causes conflicts, and great difficulty in theming. This results in headaches if people want to alter their osC store (and most osCommerce stores that basically all look the same).

 

What is the motivation for people to create and maintain add ons and themes? To make money, or contribute back to the community. For the former, it is a complete headache to provide support because if a shop owner (or developer) installs add on Y, it interferes with add on X resulting in extra coding work (plus the time it takes to find the problem!). For the latter, the amount of work involved helping out less experienced shop owners makes the whole exercise of "giving back" a tiring and thankless exercise.

 

Look at a program like Wordpress - easy to install, easy to maintain, easy to skin, easy to install add ons - and people are happy to code for it because they know it will just work if they adhere to the standards. osCommerce can be like that. Old time osC users need to change their thinking in this transitional process.

 

Where some us find it a great (and satisfying) challenge to hack the core code to get it to do what we want, we need to look at things differently. How can we add functionality without touching the core code? How can we use hooks, modules and themes to make an exciting and functional shop? We want to get to the stage where the average shop owner won't even need to know what FTP is used for! They should be able to download and install add ons and themes from an osC app store - some may be free and some may be paid. We aren't even half way there yet.

 

We have to let the developers get osC to that "easy" stage. We can make suggestions, test, and in general help wherever we can. The result will be a robust, easy to use eCommerce suite with many more users and stores that have a unique look and feel that will result in what we are looking for - more sales and conversions. Plus developers, add on writers and theme creators should be able to make money, adding even more creativity to the osCommerce ecosystem. 

 

Time to move forward!

osCommerce user since 2003! :thumbsup:

Link to comment
Share on other sites

@@frankl

Nicele, eloquently spoken, and as an 'old school' developer/user I agree, even if it makes my personal setup a little bit more complicated, I can live with the disadvantages, looking at what advantages it will bring for the average store owner/user.

 

@@burt

I suggest we close this thread. 100% agree, time to move forward !

Note, if you really want/need to, you can still re-introduce the database tables layer in your own code. That is the power of opensource ...

KEEP CALM AND CARRY ON

I do not use the responsive bootstrap version since i coded my responsive version earlier, but i have bought every 28d of code package to support burts effort and keep this forum alive (albeit more like on life support).

So if you are still here ? What are you waiting for ?!

 

Find the most frequent unique errors to fix:

grep "PHP" php_error_log.txt | sed "s/^.* PHP/PHP/g" |grep "line" |sort | uniq -c | sort -r > counterrors.txt

Link to comment
Share on other sites

Looks like there is further discussion, greeeatttttttttttt  :rolleyes:

 

The reason for deprecating the two files is so that shopowners do not have to amend that core file when they add in addons.  Simple really.  

 

Simple really after you said it, so I don't regret having started this discussion, which has also produced @@frankl's excelent post.

Link to comment
Share on other sites

  • 5 months later...

Hello,

 

file: includes/modules/boxes/bm_specials.php

 

Line: 33

 

refers to tables by direct name rather than variable name. Thus, if someone modifies includes/database_tables.php to include say a prefect of 'osc_', this breaks.

 

From:

 

if ($random_product = tep_random_select("select p.products_id, pd.products_name, p.products_price, p.products_tax_class_id, p.products_image, s.specials_new_products_price from products p, products_description pd, specials s where p.products_status = '1' and p.products_id = s.products_id and pd.products_id = s.products_id and pd.language_id = '" . (int)$languages_id . "' and s.status = '1' order by s.specials_date_added desc limit " . MAX_RANDOM_SELECT_SPECIALS)) {
Link to comment
Share on other sites

Hrm. I can't get my post to show up in one post? Continued:

 

To:
if ($random_product = tep_random_select("select p.products_id, pd.products_name, p.products_price, p.products_tax_class_id, p.products_image, s.specials_new_products_price from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_SPECIALS . " s where p.products_status = '1' and p.products_id = s.products_id and pd.products_id = s.products_id and pd.language_id = '" . (int)$languages_id . "' and s.status = '1' order by s.specials_date_added desc limit " . MAX_RANDOM_SELECT_SPECIALS)) {
 
ought to fix it.
 
Thanks for all your hard work,
-Who Dah?
Link to comment
Share on other sites

Hello,

 

A few more. Thanks!

 

file: admin/store_logo.php
 
line: 29
 
from:
tep_db_query("update configuration set configuration_value = '" . tep_db_input($store_logo->filename) . "' where configuration_value = '" . STORE_LOGO . "'");
 
to:
tep_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . tep_db_input($store_logo->filename) . "' where configuration_value = '" . STORE_LOGO . "'");
 
 
file:
includes/modules/content/header/cm_header_buttons.php
and
includes/modules/content/header/cm_header_logo.php
and
includes/modules/content/header/cm_header_breadcrumb.php
 
line: 56, 57, 58
 
from:
tep_db_query("insert into configuration (configuration_title, ...
 
to:
tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, ...
 
line: 62
 
from:
tep_db_query("delete from configuration where configuration_key in ('" . implode("', '", $this->keys()) . "')");
 
to:
tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key in ('" . implode("', '", $this->keys()) . "')");
 
 
 
file: includes/modules/content/header/cm_header_search.php
 
line: 64, 65, 66, 70
 
(same thing as above)
 
 
 
includes/modules/content/product_info/cm_pi_reviews.php
 
line: 68-71, 75
 
(same thing as above)
Link to comment
Share on other sites

@@whodah

 

/includes/filenames.php and /includes/database_tables.php are deprecated.

 

So the table references and file names are being hard coded on a going forward basis.

 

Dan

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...