Query Construction Patterns in PHP

Most PHP applications use databases, with developers including both static queries, given directly in the code, and dynamic queries, which are based on a mixture of static text, computed values, and user input. In this paper, we focus specifically on how developers create queries that are then used with the original MySQL API library. Based on a collection of open-source PHP applications, our initial results show that many of these queries are created according to a small collection of query construction patterns. We believe that identifying these patterns provides a solid base for program analysis, comprehension, and transformation tools that need to reason about database queries, including tools to support renovating existing PHP code to support safer, more modern database access APIs.
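As an added illustration (not code from the paper or from the applications it studied), here are the query kinds the abstract names: a static query, a dynamic query built from static text, a computed value, and user input in the string-gluing style used with the original mysql_* functions, and the same dynamic query renovated to mysqli prepared statements. The `users` table, its columns, the function names, and the availability of `mysqli_stmt::get_result` (mysqlnd) are assumptions of this example.

```php
<?php
// Static query: the full text is fixed at the call site.
$staticQuery = "SELECT id, name FROM users WHERE active = 1";

// Dynamic query in the legacy style: static text, a computed value ($offset)
// and user input ($search) concatenated into one string that would then be
// handed to mysql_query(). Only a string comes out; nothing separates the
// literal SQL from the values spliced into it.
function legacyQuery(string $search, int $pageSize, int $page): string
{
    $offset = ($page - 1) * $pageSize;            // computed value
    return "SELECT id, name FROM users WHERE name LIKE '%"
         . $search                                // user input, spliced as text
         . "%' LIMIT " . $offset . ", " . $pageSize;
}

// The same query after renovation: the static text stays one literal with
// placeholders, and every value that used to be concatenated is bound as a
// typed parameter, so the query's shape is fixed before any input is seen.
function renovatedQuery(mysqli $db, string $search, int $pageSize, int $page): array
{
    $offset = ($page - 1) * $pageSize;
    $stmt = $db->prepare(
        "SELECT id, name FROM users WHERE name LIKE CONCAT('%', ?, '%') LIMIT ?, ?"
    );
    // "sii": one string (search term) and two integers (offset, page size).
    $stmt->bind_param("sii", $search, $offset, $pageSize);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Constructed input showing why the two differ: a name containing a quote.
// The legacy string now carries an unbalanced quote inside the SQL text,
// while the renovated form passes the same value as a parameter unchanged.
$example = legacyQuery("O'Brien", 20, 2);
// $example is: SELECT id, name FROM users WHERE name LIKE '%O'Brien%' LIMIT 20, 20
```

The legacy helper returns only the assembled string; the renovated helper needs a live `mysqli` connection and returns the result rows directly.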
