Archive for the ‘PHP’ Category

Coding things the quick way – often a false economy

Wednesday, August 4th, 2010

I have recently been tasked with making some changes to the central ‘library’ of code that an e-commerce platform is based on. Essentially, the ‘models’ for this application all live in a central, shared location, and each ‘installation’ of the e-commerce platform has its own set of controllers and views that interact with these models. The change I am making is to make the deletion of products reversible: instead of actually deleting products and their associated assets, a flag is merely set in the database, is_deleted = 1. At first glance this seems a simple task: alter the database tables to add the extra column, then change the central models in Model_Product::deleteProduct and every product ‘getter’ function, e.g. Model_Product::getProductsByCategoryId. However, because of the way the platform has been developed, and the individual customisations made to each installation of it, things aren’t quite so simple.
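The shape of that change, as an added example that is not the blog's or the platform's own code: the model names Model_Product, deleteProduct and getProductsByCategoryId come from the post, while the table and column names (products, category_id, is_deleted), the restoreProduct method and the in-memory SQLite setup are assumptions made so the file runs stand-alone. The point it makes is the one the post hints at: once deletion becomes a flag, every getter has to carry the is_deleted = 0 predicate, and any customised installation with its own query will otherwise keep showing "deleted" products.

```php
<?php
// Added example, not the platform's code. Table/column names are assumptions.
class Model_Product
{
    private PDO $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
    }

    // Soft delete: flip the flag instead of issuing a DELETE, so the row (and the
    // assets that hang off it) can be brought back later.
    public function deleteProduct(int $productId): bool
    {
        $stmt = $this->db->prepare(
            'UPDATE products SET is_deleted = 1 WHERE id = :id AND is_deleted = 0'
        );
        $stmt->execute([':id' => $productId]);
        return $stmt->rowCount() === 1;
    }

    // The reverse operation that makes the deletion "reversible".
    public function restoreProduct(int $productId): bool
    {
        $stmt = $this->db->prepare(
            'UPDATE products SET is_deleted = 0 WHERE id = :id AND is_deleted = 1'
        );
        $stmt->execute([':id' => $productId]);
        return $stmt->rowCount() === 1;
    }

    // Every getter must filter on is_deleted = 0. A getter (or a per-installation
    // custom query) that omits the predicate silently resurrects deleted products
    // in listings, search and checkout.
    public function getProductsByCategoryId(int $categoryId): array
    {
        $stmt = $this->db->prepare(
            'SELECT id, name, price FROM products
              WHERE category_id = :cat AND is_deleted = 0
              ORDER BY name'
        );
        $stmt->execute([':cat' => $categoryId]);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

// Stand-alone run against an in-memory SQLite database (constructed sample data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, category_id INTEGER, name TEXT, price REAL)');
// Step 1 of the change: the schema migration adding the flag, defaulting to "live".
$db->exec('ALTER TABLE products ADD COLUMN is_deleted INTEGER NOT NULL DEFAULT 0');
$db->exec("INSERT INTO products (category_id, name, price) VALUES (7, 'Widget', 9.99), (7, 'Gadget', 19.99)");

$model = new Model_Product($db);
$model->deleteProduct(1);
print_r($model->getProductsByCategoryId(7));   // only "Gadget" is listed
$model->restoreProduct(1);
print_r($model->getProductsByCategoryId(7));   // both products are back
```

Both UPDATE statements are guarded by the current flag value so that rowCount() reports whether anything actually changed, which gives callers a cheap way to detect a double delete or a restore of a product that was never deleted.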


Should you sanitise your HTML before or after you save to your database?

Monday, April 19th, 2010

In starting a new project completely from scratch we needed to decide whether to sanitise HTML (that is, convert & to &amp;, < to &lt;, and strip out blacklisted HTML) before or after saving to the database. In projects I’d worked on in the past this had been done inconsistently in different areas of the application, i.e. before saving in some areas and on select in others. After having thought through the problem I think I’ve decided which option I prefer: sanitise after selecting from the database, rather than before saving to it.
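The two options side by side, as an added example that is not the blog's own code. It covers the two conversions the post names (& to &amp;, < to &lt;) via htmlspecialchars and leaves the blacklist-stripping step out; the function names, the comments table and the in-memory SQLite database are assumptions made so the file runs stand-alone. It shows the concrete cost of the "sanitise before save" choice: as soon as any output path escapes consistently, stored text gets double-encoded, and the raw text is no longer available for a non-HTML consumer such as a JSON API.

```php
<?php
// Added example, not the blog's code. Function and table names are assumptions.

// Escape for an HTML text or attribute context. ENT_QUOTES covers ' and " so the
// same function is safe inside attribute values; ENT_SUBSTITUTE avoids returning
// an empty string on invalid UTF-8.
function escapeHtml(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Option A (the post's preferred one): persist the raw text unchanged.
function saveRaw(PDO $db, string $body): int
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

// Option B: escape before saving. Every consumer now receives pre-escaped text.
function saveEscaped(PDO $db, string $body): int
{
    return saveRaw($db, escapeHtml($body));
}

function loadBody(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Escaping happens at the output boundary, once, for the context being written to.
function renderHtml(PDO $db, int $id): string
{
    return '<p>' . escapeHtml(loadBody($db, $id)) . '</p>';
}

// A second consumer of the same row: JSON needs JSON encoding, not HTML encoding.
function renderJson(PDO $db, int $id): string
{
    return json_encode(['body' => loadBody($db, $id)], JSON_THROW_ON_ERROR);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

$input = 'Tom & Jerry <b>bold</b>';   // constructed sample input
$a = saveRaw($db, $input);
$b = saveEscaped($db, $input);

echo renderHtml($db, $a), "\n";
// <p>Tom &amp; Jerry &lt;b&gt;bold&lt;/b&gt;</p>          (escaped exactly once)
echo renderHtml($db, $b), "\n";
// <p>Tom &amp;amp; Jerry &amp;lt;b&amp;gt;bold&amp;lt;/b&amp;gt;</p>  (double-encoded,
//   the browser shows the literal text "&amp;" and "&lt;b&gt;")
echo renderJson($db, $a), "\n";
// {"body":"Tom & Jerry <b>bold<\/b>"}                       (raw text, JSON-encoded)
echo renderJson($db, $b), "\n";
// {"body":"Tom &amp; Jerry &lt;b&gt;bold&lt;\/b&gt;"}       (HTML entities leak into the API)
```

The check worth adding to a code review is therefore not "is the input escaped somewhere" but "is every output path escaped for its own context, and nowhere else"; storing the raw text keeps that rule simple because there is exactly one place where encoding happens.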
