[development] External database handling

Ernst Plüss ernst.pluess at gmail.com
Fri Aug 22 13:19:00 UTC 2008

I'm just in the process of writing a osCommerce api for Drupal. I started my
work by using db_set_active(). Unfortunaltey this only works as long there
are now problems in the code. (Which of course shouldn't be the case for

Let's make an example:

// read oscommerce data

If an error occurs during the oscommer data access the drupal DB is not
found any more. You'll get error messeage telling you that table watchdog
couldn't be found.
I thing we should use the db_* methods because of security, but replacing
the active DB isn't fail proof.

Best Regards

2008/8/22 Larry Garfield <larry at garfieldtech.com>

> On Thursday 21 August 2008 10:21:37 pm Chris Johnson wrote:
> > Is it generally desirable that contributed modules use the Drupal
> > database abstraction whenever possible when accessing external
> > databases?  That is, is it generally preferable to use db_query() and
> > friends, instead of mysql_connect(), mysql_query(), etc. whenever
> > possible?
> Yes, very much so.  All of the security system is built into the
> abstraction
> layer; using mysql_query() directly means you're totally on your own for
> security.
> > I'd especially like to chat with the folks working on the DB layer for
> > D7.  It would be nice to provide an interface to allow adding an
> > additional DB programmatically from the contrib module.
> >
> > ..chris
> Well hi there! :-)
> What you describe was absolutely an issue in the D6 and earlier DB layer.
>  The
> new DB layer is still not perfect, but has improved on it in two ways:
> 1) The $databases value is always an array.  It can be a flattened array,
> as
> some layers are optional, but since the installer populates it in the first
> place it will in almost every case already be an array.
> 2) You can actually instantiate a connection object directly.  I wouldn't
> recommend it as then the core system can't switch to it, but it's
> possible. :-)
> 3) (Nobody expects the Spanish Inquisition!)  The db_*() functions are all
> dumb wrappers.  You can grab a database connection with
> Database::getConnection($key) and then do everything after that with method
> calls; $db->query(), $db->insert(), $db->select(), etc.  So if you want to
> use a given database connection and just pull yourself out of the
> Drupal "active database" definition entirely, you can do so.
> It's still not perfect, though, I agree.  If you have a suggestion for how
> to
> make the connection management more flexible without hurting performance
> (it
> is along the critical path, so we have to be careful) please post an issue.
> Just because the mega-patch landed doesn't mean we're done changing things
> yet. :-)
> --
> Larry Garfield
> larry at garfieldtech.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080822/3215e40c/attachment.htm 

More information about the development mailing list