sf_guy Posted December 5, 2012

Somewhat of a PHP newb still: I'm writing a PHP class to handle event logging in my various apps so that I can just do something like this, for example:

$logobject->log('<username>', 'useraction');

and it will write an entry to the database log based on the user who did it, the action and a datestamp. There will be other items in the class, such as the ability to truncate logs, delete entries before a certain period (such as older than six months), etc. I'm trying to make the class as flexible as possible to save trouble down the road when a user inevitably asks for some specific type of logging.

I was thinking of including a test in the class to make sure the log database exists and then creating it automatically if it doesn't. This got me thinking, however, that allowing an app to create a table could cause a whole host of security problems. To get around this, I was thinking of automatically putting a REVOKE statement in the class so the app would, in essence, REVOKE its own SQL privileges to create tables.

Is this a good approach?

Christian F. Posted December 6, 2012

No, it's generally not a good approach. Better to create the table manually, or make a dedicated installer script that does it for you.

Not only would you waste a lot of resources checking for the table's existence at every page load, but you'd also make your code a lot more complex and thus harder to maintain. Keeping things simple will help you avoid problems, and make your life a lot easier for you in the long run.

sf_guy Posted December 6, 2012

Thanks. The installer script is definitely the way to go. I'm thinking I can even just deliver it as a one-time URL "setup.php" that creates the various tables, sets various parameters, etc. Superusers would have the ability to run it, and if it had already been run it would give warnings and ask if they wanted to reset to the initial state.
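
The split this thread settles on, sketched as an added example (not code from any poster): a one-time installer creates the table over a privileged connection, and the runtime logging class only inserts and deletes rows, so the app account never needs CREATE and has nothing to REVOKE. The names `event_log`, `installEventLog`, `EventLog`, `appdb` and `app_user` are hypothetical, PHP 8 is assumed, and the demo uses in-memory SQLite so it runs offline.

```php
<?php
// Installer step: run once over a privileged connection, never on a page load.
// Returns true if it created the table, false if the table was already there.
function installEventLog(PDO $adminDb): bool
{
    try {
        $adminDb->query('SELECT 1 FROM event_log LIMIT 1');
        return false; // already installed; existing rows are left alone
    } catch (PDOException $e) {
        // table is missing: fall through and create it
    }
    // logged_at holds a UTC "Y-m-d H:i:s" string, which sorts chronologically.
    $adminDb->exec('CREATE TABLE event_log (
        username  VARCHAR(64)  NOT NULL,
        action    VARCHAR(255) NOT NULL,
        logged_at CHAR(19)     NOT NULL
    )');
    return true;
}

// Runtime class: needs only INSERT and DELETE on the one table.
final class EventLog
{
    public function __construct(private PDO $db) {}

    public function log(string $username, string $action): void
    {
        $stmt = $this->db->prepare(
            'INSERT INTO event_log (username, action, logged_at) VALUES (?, ?, ?)');
        $stmt->execute([$username, $action, gmdate('Y-m-d H:i:s')]);
    }

    // Deletes entries older than $days days and returns how many were removed.
    public function purgeOlderThan(int $days): int
    {
        $cutoff = gmdate('Y-m-d H:i:s', time() - $days * 86400);
        $stmt = $this->db->prepare('DELETE FROM event_log WHERE logged_at < ?');
        $stmt->execute([$cutoff]);
        return $stmt->rowCount();
    }
}

// Constructed demo. On MySQL the two roles would be separate accounts, e.g.:
//   GRANT SELECT, INSERT, DELETE ON appdb.event_log TO 'app_user'@'localhost';
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
var_dump(installEventLog($db)); // creates the table
var_dump(installEventLog($db)); // detects the existing table
$log = new EventLog($db);
$log->log('alice', 'login');
var_dump($log->purgeOlderThan(180));
```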