PDO initialization unsafe

[TGM]

Usually i call this in a common file like a index or header

$psl = new phpSec\Core();
$psl['store'] = $psl->share(function($psl) {
$dsn = 'mysql:' .
'dbname=test;' .
'table=phpsec;' .
'host=localhost;' .
'username=databaseusername;' .
'password=databasepassword';
return new phpSec\Store\Pdo($dsn, $psl);
});

Definind the $dsn in such a major file seems really unsafe and unconfortable as well.

We need something like

$dsn = 'mysql:' .
'dbname=test;' .
'table=phpsec;' .
'host=localhost;' .
'username=databaseusername;' .
'password=databasepassword';
$psl = new phpSec\Core();
$psl['store'] = $psl->share(function($dsn, $psl) {
return new phpSec\Store\Pdo($dsn, $psl);
});

Any ideas?

[TGM]

I think this is the proper way to do it.

$dsn = 'mysql:' .
'dbname=test;' .
'table=phpsec;' .
'host=localhost;' .
'username=databaseusername;' .
'password=databasepassword';

$psl['store'] = $psl->share(function($psl) use($dsn) {
return new phpSec\Store\Pdo($dsn, $psl);
});

[xqus]

This is a docimentation issue. The part describing the database connection should be updated.

[TGM]

Regarding the database connection.

We should add

$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);