Create a PHP Database Access Class using PDO

05-29-2012, 04:33 PM
#1
Ant

Another blog post, let me know what you think.

Supposed to just be scratching the surface, nothing spectacular!

http://anthonythomas.me/php-database-class-pdo/

Cheers

06-01-2012, 09:20 AM
#2
stephan2307

I like it.

But I think you could make it a little bit easier to use.

PHP Code:
$sql = 'SELECT *
        FROM messages m
        WHERE m.message_id = :message_id
        AND m.temperature = :temperature';

$params = array(
    ':message_id' => '48',
    ':temperature' => '23'
);

$db->query($sql, $params);

You could update your code so that it would allow SQL like this:

PHP Code:
$sql = 'SELECT *
        FROM messages m
        WHERE m.message_id = 48
        AND m.temperature = 23';

$db->query($sql);

Wouldn't be that difficult and make more sense when using the class.

06-01-2012, 09:34 AM
#3
Ant

Yes, you could. I suppose that wasn't a very good example - binding parameters prevents SQL injection, as the SQL and parameters are sent to the database server separately.

You would usually be inputting submitted information by the user, so you would normally have to sanitize it, but with prepared statements you don't have to.

You would more likely use something like this for your parameters, where the variables are local copies from a global $_POST array.

PHP Code:
$params = array(
    ':message_id' => $user_input_string,
    ':temperature' => $user_input_string_two
);

06-01-2012, 09:50 AM
#4
stephan2307

I understand that and it is good. What I meant (sorry for not being clear in the first part) was that you could add some code in your query function that would then create the params from the SQL string that has been submitted. So you would still have all the advantages of sanitizing etc.

Hope you understand what I meant now.

06-01-2012, 02:49 PM
#5
Village Genius

With parameters you don't need to sanitize. If you sanitize input then add it as a parameter, things like quotes will come through escaped.

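The points made in posts #3 and #5, as an added example that is not part of the thread or of the class from the blog post: the same input placed inline in the SQL text and bound as a parameter, then a value escaped before binding. The `run()` helper, the `note` column, the sample rows and input values, and the use of in-memory SQLite (pdo_sqlite) are assumptions made for the demonstration.

```php
<?php
// Added example with constructed data; needs the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (message_id INTEGER, temperature TEXT, note TEXT)');
$db->exec("INSERT INTO messages VALUES (48, '23', 'first'), (49, '19', 'second')");

// Hypothetical stand-in for the class's query($sql, $params) method.
function run(PDO $db, string $sql, array $params = []): array
{
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed hostile value, as it might arrive in $_POST.
$input = "0' OR '1'='1";

// 1) Value written into the SQL text: its quotes become part of the WHERE
//    clause. Once the string is built, query() cannot tell them from yours.
$inline = run($db, "SELECT message_id FROM messages WHERE temperature = '$input'");
echo 'inline literal:  ', count($inline), " row(s)\n";

// 2) Same value bound as a parameter: it is compared as one string value.
$bound = run(
    $db,
    'SELECT message_id FROM messages WHERE temperature = :temperature',
    [':temperature' => $input]
);
echo 'bound parameter: ', count($bound), " row(s)\n";

// 3) Escaping before binding: the added backslash is stored as data.
$raw = "it's warm";
$ins = $db->prepare(
    'INSERT INTO messages (message_id, temperature, note) VALUES (:id, :t, :note)'
);
$ins->execute([':id' => 50, ':t' => '21', ':note' => $raw]);
$ins->execute([':id' => 51, ':t' => '21', ':note' => addslashes($raw)]);

foreach (run($db, 'SELECT message_id, note FROM messages WHERE message_id >= 50') as $row) {
    echo $row['message_id'], ': ', $row['note'], "\n";
}
```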