mirror of
https://github.com/codeguy/php-the-right-way.git
synced 2025-08-13 17:23:58 +02:00
Small tweaks to Databases section
This commit is contained in:
@@ -4,24 +4,28 @@ title: Databases
|
|||||||
|
|
||||||
# Databases
|
# Databases
|
||||||
|
|
||||||
Many times your PHP code will use a database to persist information. If you use a database you have a few options to connect and interact
|
Many times your PHP code will use a database to persist information. You have a few options to connect and interact
|
||||||
with your database. The recommended option until PHP 5.1.0 was always to use native drivers such as [mysql][mysql], [mysqli][mysqli], [pgsql][pgsql], etc.
|
with your database. The recommended option _until PHP 5.1.0_ was to use native drivers such as [mysql][mysql], [mysqli][mysqli], [pgsql][pgsql], etc.
|
||||||
|
|
||||||
Native drivers are great if you are only using ONE database in your application, but if for example you are using MySQL and a little bit of MSSQL, or need to connect to an Oracle database, then you will not be able to use the same drivers. You'll need to learn a brand new API for
|
Native drivers are great if you are only using ONE database in your application, but if, for example, you are using MySQL and a little bit of MSSQL,
|
||||||
each database and that can get silly.
|
or you need to connect to an Oracle database, then you will not be able to use the same drivers. You'll need to learn a brand new API for each
|
||||||
|
database — and that can get silly.
|
||||||
|
|
||||||
As an extra note on native drivers, the mysql extension for PHP is currently deprecated as of PHP 5.4.0 and will be removed entirely in PHP 5.5.0. That means if you are using `mysql_connect()` and `mysql_query()` in your applications then you will be faced with a rewrite when
|
As an extra note on native drivers, the mysql extension for PHP is currently deprecated as of PHP 5.4.0 and will be removed entirely in PHP 5.5.0.
|
||||||
you upgrade to the next version. You can rewrite this application now to use the [MySQLi extension][mysqli], or use PDO.
|
That means if you are using `mysql_connect()` and `mysql_query()` in your applications then you will be faced with a rewrite when you upgrade to
|
||||||
|
the next version. You can rewrite this application now to use the [MySQLi extension][mysqli], or use PDO.
|
||||||
|
|
||||||
## PDO
|
## PDO
|
||||||
|
|
||||||
PDO is a database connection abstraction library — built into PHP since 5.1.0 — that provides a common interface to talk with
|
PDO is a database connection abstraction library — built into PHP since 5.1.0 — that provides a common interface to talk with
|
||||||
many different databases. PDO will not translate your SQL queries or emulate missing features, it is purely for connecting to multiple types
|
many different databases. PDO will not translate your SQL queries or emulate missing features; it is purely for connecting to multiple types
|
||||||
of database with the same API.
|
of database with the same API.
|
||||||
|
|
||||||
More importantly, `PDO` allows you to safely inject foreign input (e.g. IDs) into your SQL queries without worrying about database SQL injection attacks. This is possible using PDOStatements and bound parameters.
|
More importantly, `PDO` allows you to safely inject foreign input (e.g. IDs) into your SQL queries without worrying about database SQL injection attacks.
|
||||||
|
This is possible using PDO statements and bound parameters.
|
||||||
|
|
||||||
Let's assume a PHP script receives a numeric ID as a query parameter. This ID should be used to fetch a user record from a database. This is the `wrong` way to do this:
|
Let's assume a PHP script receives a numeric ID as a query parameter. This ID should be used to fetch a user record from a database. This is the `wrong`
|
||||||
|
way to do this:
|
||||||
|
|
||||||
{% highlight php %}
|
{% highlight php %}
|
||||||
<?php
|
<?php
|
||||||
|
Reference in New Issue
Block a user