OrientDB 2 new official drivers: PHP and Python!


Luca Garulli

Dec 30, 2014, 2:24:52 PM
to orient-database
Hi guys,
Domenico (@ostico) didn't get any rest for Christmas and, after the Python Driver, he has just published the new PHP Driver for OrientDB, aligned with a recent version of the binary protocol, plus a nice API.

Since @ostico is super active and both PHP and Python drivers are well maintained, we decided, in agreement with the author, to adopt both of them under the Orient Technologies umbrella:
For all the users bound to Anton's driver (https://github.com/AntonTerekhov/OrientDB-PHP) I suggest migrating to this new driver to use the latest versions of OrientDB.

The updated list of drivers is on this page:


Thanks Domenico from the whole community!
Lvc@

Jonathan Rosen

Dec 30, 2014, 5:31:14 PM
to orient-...@googlegroups.com
Good work guys. You should really take a look at incorporating some of the Orientdb helper functions from the Doctrine library: https://github.com/doctrine/orientdb-odm

The binary protocol is great, but it would be much more useful if it implemented prepared statements (or a client side equivalent). It is unsafe to just inject sql statements directly. The Doctrine library has many of these functions already built.

Luca Garulli

Dec 30, 2014, 6:46:04 PM
to orient-database
Hi Jonathan,
WDYT about contributing to it? We could "upgrade" the OrientDB Doctrine module to bind the new PHP driver.

Any volunteer?

Lvc@


--

---
You received this message because you are subscribed to the Google Groups "OrientDB" group.
To unsubscribe from this group and stop receiving emails from it, send an email to orient-databa...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jonathan Rosen

Dec 30, 2014, 6:54:42 PM
to orient-...@googlegroups.com
Hi Luca-

I don't have a ton of time to work on it at the moment, but when I get a chance I can take a stab at it if no one else has the time. It is something that I think would be required for a useful library.

Thanks,

Jonathan


Joel Spriggs

May 15, 2015, 2:40:00 AM
to orient-...@googlegroups.com
I just started some work on a side project for a PHP project in Orient. I'm mostly used to using Orient in the Java API and the REST interface via JavaScript, but have a lot of experience in PHP. I was hoping the PHP driver would be able to do a prepared statement kind of query like I get in the Java API, but it's not there.

Would you advise just using sprintf for query string building as a workaround? I'm looking at it in the context that I'm always paranoid about SQL injection and don't want to do something like "Select from Person where age > $age" in PHP. The best thing I could think of right away was just writing it as:

$query = sprintf("select from Person where age > %d", $age);

But I wanted to see if that's really the preferred method to do that or if there was another way of doing it.

Jonathan Rosen

May 15, 2015, 8:09:55 AM
to orient-...@googlegroups.com
Hi Joel-
I think what you propose for an integer value would work fine. The problem comes when you work with strings. SQL injection follows specific rules (i.e. "; delete from users; --"). Since it usually relies on ending the previous statement, injecting a new statement, and then commenting the rest of the query, the fear would be that a simple string concatenation, regardless of whether it is fully quoted, would not be sufficient.

Check this script out: https://github.com/doctrine/orientdb-odm/blob/master/src/Doctrine/OrientDB/Query/Query.php

I use that for most of my query generation, and have also written a few custom tokens for that parser for functions that don't yet exist in the canned code (for example lucene geo index search).

As Luca suggested, some brave soul needs to update the Doctrine library to incorporate the new PHP binary protocol that was released recently. This will presumably speed up the PHP driver, while still maintaining the legacy query building functions in the Doctrine library. There is an older PHP binary protocol included with Doctrine already, but it was pretty barebones and I haven't ever used it personally.

In any case, that library should have most of the query building functions you need, certainly enough to add a simple where statement to your query. If you want some example code of how to use the Doctrine query builder, let me know. The Doctrine library also provides an ORM (Object Relational Mapper), but I have never used those features. I prefer to use the query generator by itself, and issue commands with the PHP database binding's query and command functions.
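
The "client side equivalent" of prepared statements discussed in this thread, as an added example that is not part of any post and is not code from the PHP driver or the Doctrine library. The function names `render_value` and `bind_params`, the `:name` placeholder syntax and the backslash escaping rule for OrientDB string literals are assumptions of this example.

```php
<?php
// Added example (hypothetical helpers, not the driver's or Doctrine's API).
// Assumption: OrientDB SQL string literals escape \ ' and " with a backslash.

// Render one PHP value as a SQL literal, dispatching on its actual type.
function render_value($value): string
{
    if (is_int($value)) {
        return (string) $value;
    }
    if (is_bool($value)) {
        return $value ? 'true' : 'false';
    }
    if ($value === null) {
        return 'null';
    }
    if (is_string($value)) {
        // strtr() with an array works in one pass, so the backslashes it
        // inserts are never escaped a second time.
        $escaped = strtr($value, ['\\' => '\\\\', "'" => "\\'", '"' => '\\"']);
        return "'" . $escaped . "'";
    }
    // Arrays, objects, floats etc. are refused instead of being stringified.
    throw new InvalidArgumentException('unsupported type: ' . gettype($value));
}

// Replace each :name placeholder in a developer-written template.
// preg_replace_callback() does not rescan replacements, so a value that
// itself contains ":age" is not expanded again.
function bind_params(string $template, array $params): string
{
    return preg_replace_callback(
        '/:([A-Za-z_][A-Za-z0-9_]*)/',
        function (array $m) use ($params): string {
            if (!array_key_exists($m[1], $params)) {
                throw new InvalidArgumentException("missing parameter: {$m[1]}");
            }
            return render_value($params[$m[1]]);
        },
        $template
    );
}

// Constructed input: the injection string quoted in the thread.
$name = '"; delete from users; --';
echo bind_params(
    'select from Person where name = :name and age > :age',
    ['name' => $name, 'age' => 30]
), "\n";
```

Request data such as `$_GET['age']` arrives as a string, so validate and cast it to `int` before binding; otherwise it is rendered as a quoted string literal rather than a number.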
