Skip to main content

Articles tagged with "database"

GDPR compliance steps for Drupal Developers

30th May 2018

The new GDPR laws are here, hurrah!

Having a number of developers handling databases from a number of client sites could easily be a nightmare, but we at ComputerMinds spent quite some time thinking about how to get and keep everybody safe and squeaky clean on the personal data front.

Here's a quick run-down of the key things to be aware of - and a pretty poster to help you keep it all in mind :)

Remove personal data from your system

  1. Review all databases on your computer, making sure to consider also those .sql dump files still sat in your downloads directory...
Read more

Good practice pays off for Drupal site security

12th Nov 2014

Much has been said about last month's highly critical Drupal security issue 'SA-CORE-2014-005', otherwise known as 'Drupalgeddon'. It was covered by mainstream international media, even if the reaction needs addressing. Drupal's security team take a responsible approach to security issues - being open & honest in disclosing them with fixes, in keeping with the community values. Security issues should always be expected in any software, it's how they are dealt with that speaks far more.

We patched all the sites that we had access to immediately fix, and informed all our clients of the issue as soon as possible. If you host a Drupal site, and haven't yet, run through the Drupalgeddon workflow right now.

Read more

Drupal database prepared statements

25th May 2011

Drupal 7's database layer is awesome, it is built upon PDO and one of the great things about PDO is named placeholders, they allow you to build queries like:


$unsafestring = "this string can contain quotes: ' or other things";
$query = db_select('table')
           ->fields('table')
           ->condition('field', $unsafestring);

The SQL that is sent to the database is:


SELECT table.* FROM table WHERE (field = :db_condition_placeholder_0)

This is sent along with the contents of $unsafestring to replace the :db_condition_placeholder_0 token. Note that this isn't some lame string replacement, but an actual argument for the SQL statement.

This has some interesting implications for converting...

Read more

Drupal mysql utf8 and latin1 character set issues

27th Apr 2008

Upgrading from Drupal 4.6 has always been complicated by issues of character sets, but the Drupal upgrade scripts normally solve most of these problems for us. But when your dealing with a complex upgrade you need a good understanding of how Drupal is dealing with character sets in Mysql.

It all comes down to this - pre 4.7 Drupal stores utf8 encoded data in latin1 based tables (although this sounds a bit silly there were good reasons for it). From 4.7 onwards Drupal stores ut8 encoded data in utf8 encoded tables. The process of converting from one method to...

Read more