Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+2 votes
in Q2A Core by
am wondering if this script or code base is MVC and if it has things like ORM, and templating ?

1 Answer

+1 vote
If you mean 'does it use a known MVC framework, or 'does it use an active-record-type pattern and a true MVC distinction between model, view and controller' then the answer is no.

However, it collects the database queries in a single module, routes requests to scripts through a Rails-like page routing system, and has a theme-based system that collects essentially all the logic for display in one PHP class. Which makes the answer a qualified 'yes'.
ok then it answers my question... but this single database module is it Object Oriented ?
Actually there are several database files, and they are all functionally-oriented rather than object-oriented. qa-db.php is the equivalent of the ORM with generic functions for handling queries, and the other qa-db-*.php files are the ones with the queries in.

It's a bit of an old-school, C-like organisation but it is clean and efficient.
No; it's simply a file containing a set of (carefully-named) query generation functions.

Actually I have misled you somewhat! Strictly speaking the database is a set of PHP files (with the qa-db prefix); the qa-db-selects file is the one I am referring to. This contains the select queries that generate the pages. Other modules handle vote activities etc.
DisgruntledGoat is correct; I answered incompletely and I don't deserve my +1 :)

The strategy used in Q2A is similar to that used by Wordpress, with careful function naming. There are some more object-oriented parts in the system such as themes and plugins, which allow Q2A to interact safely with site-specific code.
ooh now that we are at this... how secure is this script cos I am scared of most things procedural(functional)... as my idea is you cant keep track of everything since things are not centralised. for instance in rails or other MVC frameworks, you can have a core model that has some security enforcement and this model then gets extended for all your models... this means as time goes on, you have one point to improve security
Having looked into just this I can say that the SQL injection prevention stuff is definitely there (it's a little non-standard but well implemented.) There are still relatively few entry points for inserting content into the database, so you should be able to check this out for yourself, if you're concerned.

There's more at:

ooh ok... but if many sites are using it and you guys have not seen any issues so far then I guess I can go with the crowd... but is there any big big site that uses this and its safe... I would love to know how they implemented and made it work for them
I don't have any personal knowledge of the bigger sites, but you can see a list of sites using this code here:

ooh thanks... I will take a look and then study how it fairs with those sites