Reading through the code of this addon before I install it:
For example:
Code:
public function getHashTagByContentType($contentType, $contentId)
{
    // Both values are interpolated into the SQL string via quote(), not bound as parameters
    $hashTags = $this->_getDb()->fetchAll('
        SELECT hashtags.*
        FROM xm_hashtags AS hashtags
        WHERE content_type = ' . $this->_getDb()->quote($contentType) . ' and content_id = ' . $this->_getDb()->quote($contentId)
    );
    return $hashTags;
}
Why aren't prepared statements used in code like this? The zend quote function is vastly inferior to prepared statements.
Functions like this:
Code:
public function getRecent($limit = 25)
{
    // $limit is concatenated into the LIMIT clause without any cast or validation
    $hashTags = $this->_getDb()->fetchAll('
        SELECT hashtags.*
        FROM xm_hashtags AS hashtags
        GROUP BY content_type, content_id
        ORDER BY date_posted DESC
        LIMIT ' . $limit
    );
    return $this->prepareHashTags($hashTags);
}
Show a lack of defensive programming. The value of $limit should be an integer at all times, so why not intval($limit)?
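For comparison, here are hardened versions of the two methods quoted above. This is an added example, not the addon's code: it assumes the XenForo 1.x model context the post describes (where $this->_getDb() returns a Zend_Db_Adapter_Abstract, whose fetchAll() accepts a bind array), and that prepareHashTags() is the addon's own method; the class name and the LIMIT ceiling of 100 are assumptions.

```php
<?php
// Added example (not the addon's code). Assumes a XenForo 1.x model where
// $this->_getDb() returns a Zend_Db_Adapter_Abstract and prepareHashTags()
// is provided by the addon's model. Class name is hypothetical.
class XM_Model_HashTag_Hardened extends XenForo_Model
{
    public function getHashTagByContentType($contentType, $contentId)
    {
        // Bind parameters: the driver keeps SQL and data separate, so the
        // caller-supplied values cannot change the structure of the query.
        return $this->_getDb()->fetchAll('
            SELECT hashtags.*
            FROM xm_hashtags AS hashtags
            WHERE content_type = ? AND content_id = ?
        ', array($contentType, $contentId));
    }

    public function getRecent($limit = 25)
    {
        // LIMIT is not bindable on every driver, so force an integer and clamp
        // it to a sane range before it is interpolated into the SQL string.
        $limit = max(1, min(100, (int) $limit)); // 100 is an assumed ceiling

        $hashTags = $this->_getDb()->fetchAll('
            SELECT hashtags.*
            FROM xm_hashtags AS hashtags
            GROUP BY content_type, content_id
            ORDER BY date_posted DESC
            LIMIT ' . $limit
        );
        return $this->prepareHashTags($hashTags);
    }
}
```

With the bound version, a content_id such as "1 OR 1=1" is sent to MySQL as a literal string value rather than becoming part of the WHERE clause, and a non-numeric $limit collapses to 1 instead of being pasted into the query.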