Reply to Re: web query builder in php

Posted by Henk Verhoeven on 04/29/07 22:56

Kenneth Downs wrote:
> (..) the trouble doesn't start until you put in the filters. At
> this point we punted on that and are having users enter SQL expressions
> like "dob < '1990-01-01'".
Interesting, I have learned to think of SQL injection as a security
breach, you seem to be doing it on purpose?**

PhpPeanuts has got the filters. It can even do navigational queries like:
SELECT hours.* FROM hours WHERE category.name BETWEEN 's' AND 'w'
But not expressed in SQL, but in a Query form GETting the following:
http://examples.phppeanuts.org/example4/index.php?pntType=Hours&pntHandler=SearchPage&advanced=Search&pntF1=category.name&pntF1cmp=BETWEEN+AND&pntF1v1=s&pntF1v2=w

(Move your mouse cursor over the filter expression at the top to get the
form. The resulting page gives access to editable pages but that can be
changed with a few lines of code so that you get the report pages, like
it does from here:
http://examples.phppeanuts.org/example4/index.php?pntType=Hours&pntHandler=SearchPage&advanced=Search&pntF1=category.name&pntF1cmp=BETWEEN+AND&pntF1v1=s&pntF1v2=w&pntLayout=Report
)

> Try using fpdf to generate the output, it's well documented and gives nice
> PDF files, with some smooth stuff for headers, footers, auto page breaks,
> page numbers and all of that necessary and cumbersome stuff.

Sounds good! PhpPeanuts only outputs HTML. Might be nice to combine
both, but Andromeda is licensed under GPL, so it would mean any
application programmer's code that (indirectly) calls upon Andromeda
components will have to be GPL-ed*. I don't like to force that upon the
developers that are using phpPeanuts. Luckily there is another pdf
library that has a BSD-style license (like phpPeanuts), so I'd rather have
a little more work whenever the need arrives for pdf output (i.e. a
customer wants to pay for it).

Furthermore, phpPeanuts is object-oriented, mapping the object's data to
database records. This allows one to add functions written in php to the
domain model, navigate it, build and maintain hierarchies and have
polymorphism. OTOH, if you want the freedom to JOIN and GROUP BY, the
table-oriented approach of Andromeda will probably suit you better.

Greetings,

Henk Verhoeven,
www.phpPeanuts.org.

* It is my understanding of GPL that any code that links with code that
is licensed under GPL is a derived work, unless it does not depend on
the code under GPL. Applications typically will depend on the framework,
so if they are delivered they must be licensed under GPL to third
parties, which may mean the entire public. With an interpreted language,
calling methods must be considered (dynamic) linking. Providing the full
Andromeda source may allow the application developer to withhold his own
source, but that is kind of hard with PHP unless you only rent hosted
applications as a service, so no code is delivered.

** Yes, I read your remark on this subject on
http://www.andromeda-project.org/pages/cms/SQL+Injections
It seems to me that you do not expect application developers to extend
the security beyond what can be arranged on the database.
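
The contrast discussed in this post, as an added example that is not part of the original message and is not phpPeanuts code: the filter parameters seen in the URL above (`pntF1`, `pntF1cmp`, `pntF1v1`, `pntF1v2`) are mapped through allowlists onto a parameterized query, instead of accepting a raw SQL expression from the user. The table layout (`hours.category_id`, `category.id`), the `date` field and the comparator list are assumptions made for illustration.

```php
<?php
// Added example, not phpPeanuts code. Schema and allowlists are assumptions.
declare(strict_types=1);

// Field paths a user may filter on, mapped to fixed SQL column expressions.
const FILTER_FIELDS = [
    'date'          => 'hours.date',
    'category.name' => 'category.name',
];
// Comparators accepted in pntF1cmp: SQL template and number of operands.
const FILTER_CMPS = [
    '='           => ['%s = ?', 1],
    '<'           => ['%s < ?', 1],
    'LIKE'        => ['%s LIKE ?', 1],
    'BETWEEN AND' => ['%s BETWEEN ? AND ?', 2],
];

/** Returns [sql, params]; throws on any field or comparator not allowlisted. */
function buildHoursQuery(array $get): array
{
    $field = $get['pntF1'] ?? '';
    $cmp   = $get['pntF1cmp'] ?? '';
    if (!is_string($field) || !array_key_exists($field, FILTER_FIELDS)) {
        throw new InvalidArgumentException('unknown filter field');
    }
    if (!is_string($cmp) || !array_key_exists($cmp, FILTER_CMPS)) {
        throw new InvalidArgumentException('unknown comparator');
    }
    [$template, $arity] = FILTER_CMPS[$cmp];
    $params = [];
    for ($i = 1; $i <= $arity; $i++) {
        $v = $get["pntF1v$i"] ?? null;
        if (!is_string($v)) {
            throw new InvalidArgumentException("missing value $i");
        }
        $params[] = $v; // bound as a parameter, never concatenated into SQL
    }
    $sql = 'SELECT hours.* FROM hours'
         . ' JOIN category ON category.id = hours.category_id WHERE '
         . sprintf($template, FILTER_FIELDS[$field]);
    return [$sql, $params];
}

// Constructed sample input: the filter part of the query string shown above.
parse_str('pntF1=category.name&pntF1cmp=BETWEEN+AND&pntF1v1=s&pntF1v2=w', $get);
[$sql, $params] = buildHoursQuery($get);
echo $sql, "\n", json_encode($params), "\n";
// With a PDO connection: $stmt = $pdo->prepare($sql); $stmt->execute($params);
```

Only identifiers taken from the allowlists ever reach the SQL text; user-supplied values travel separately as bound parameters, so a value such as `s' OR '1'='1` is compared as a literal string.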
