info/php-the-right-way
1
0
Fork 0
mirror of https://github.com/codeguy/php-the-right-way.git synced 2025-08-21 04:41:40 +02:00
Code Issues Projects Releases Wiki Activity

Updated the database section to address other extensions, while not recommending then.

Browse Source
This commit is contained in:
Phil Sturgeon
2012-07-11 09:49:55 +01:00
parent d911031ec5
commit 5d52b38456
2 changed files with 21 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
_posts/06-01-01-Databases-and-PDO.md → _posts/06-01-01-Databases.md
View File

@@ -1,13 +1,23 @@
---
title: Databases and PDO
title: Databases
---
# Databases and PDO
# Databases
Many times your PHP code will use a database to persist information. If you use a database, use `PDO` to talk with it. PDO is a
database connection abstraction library — built into PHP since 5.1.0 — that provides a common interface to talk with
many different databases. PDO will not translate your SQL queries or emulate missing features, it is purely for connecting to multiple
types of database with the same API.
Many times your PHP code will use a database to persist information. If you use a database you have a few options to connect and interact
with your database. The recommended option until PHP 5.1.0 was always to use native drivers such as [mysql][mysql], [mysqli][mysqli], [pgsql][pgsql], etc.
Native drivers are great if you are only using ONE database in your application, but if for example you are using MySQL and a little bit of MSSQL, or need to connect to an Oracle database, then you will not be able to use the same drivers. You'll need to learn a brand new API for
each database and that can get silly.
As an extra note on native drivers, the mysql extension for PHP is currently deprecated as of PHP 5.4.0 and will be removed entirely in PHP 5.5.0. That means if you are using `mysql_connect()` and `mysql_query()` in your applications then you will be faced with a rewrite when
you upgrade to the next version. You can rewrite this application now to use the [MySQLi extension][mysqli], or use PDO.
## PDO
PDO is a database connection abstraction library — built into PHP since 5.1.0 — that provides a common interface to talk with
many different databases. PDO will not translate your SQL queries or emulate missing features, it is purely for connecting to multiple types
of database with the same API.
More importantly, `PDO` allows you to safely inject foreign input (e.g. IDs) into your SQL queries without worrying about database SQL injection attacks. This is possible using PDOStatements and bound parameters.
@@ -52,3 +62,7 @@ Some abstraction layers have been built using the PSR-0 namespace standard so ca
[2]: http://www.doctrine-project.org/projects/dbal.html
[3]: http://framework.zend.com/manual/en/zend.db.html
[4]: http://packages.zendframework.com/docs/latest/manual/en/zend.db.html
[mysql]: http://uk.php.net/mysql
[mysqli]: http://uk.php.net/mysqli
[pgsql]: http://uk.php.net/pgsql

2
_posts/07-04-01-Data-Filtering.md
View File

@@ -14,7 +14,7 @@ PHP provides the `filter_var` and `filter_input` functions to help you do this.
### Sanitization
Sanitization removes (or escapes) illegal or unsafe characters from foreign input. For example, you should sanitize foreign input before including the input in HTML or inserting it into a raw SQL query. When you use bound parameters with [PDO](#databases_and_pdo), it will sanitize the input for you.
Sanitization removes (or escapes) illegal or unsafe characters from foreign input. For example, you should sanitize foreign input before including the input in HTML or inserting it into a raw SQL query. When you use bound parameters with [PDO](#databases), it will sanitize the input for you.
[See Sanitization Filters][2]