
Re: [PHP] Trying to Play Catch-Up & get the Bigger Picture




On Wed, 2016-03-02 at 08:50 -0800, dealtek@xxxxxxxxx wrote:
> Hi all,
> 
> A bit of a layman - general question trying to get the bigger picture...
> 
> It has been a few years since I have used PHP with MySQL database. I understand that the older original MySQL extension has been deprecated, in favor of MySQLi or PDO_MySQL extensions.
> 
> Currently, I am looking into building some mobile friendly Apps/Websites that use JavaScript (json - jQuery etc.) css and html5 on the front end, and PHP and MySQL on the backend.
> 
> So the question is, big picture, what is the best way to interface with MySQL for this purpose? Would I use:
> 
> - MySQLi
> - PDO_MySQL (Am I correct in assuming that PDO is helpful if one may need to move to another database system in the future?)
> 
> - or maybe web services REST
> - or ???
> 
> Any links to this general subject would be helpful.
> 
> 
> --
> Thanks,
> Dave - DealTek
> dealtek@xxxxxxxxx
> [db-15]
> 

Personally I'd always go with PDO, and not because it allows you to
change the DB backend (I don't know anyone who's ever done this) but
because it offers parameterised queries (prepared statements) to
safeguard against a lot of injection attempts:

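// Connect; $dbname, $dbhost, $dbuser and $dbpass are set elsewhere.
$pdo = new \PDO(
    "mysql:dbname=$dbname;host=$dbhost",
    $dbuser,
    $dbpass,
    array(
        // Run on connect so the session uses UTF-8.
        \PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'"
    )
);
// The SQL text contains only ? placeholders (table, field1 and field2
// stand in for real names); no values are concatenated into it.
$statement = $pdo->prepare('SELECT * FROM table WHERE field1 = ? AND field2 = ?');
// Values are supplied separately, in placeholder order.
$statement->execute(array(1234, 'some string'));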


The beauty of this is you don't need to worry about the variables that
you're passing in too much; PDO will sanitise them as required for the
database backend you're using.

You can also reuse the prepared statements (but that's a feature I've
not used, as it usually indicates an issue with my PHP logic that I'm
executing the same statement multiple times).

Thanks,
Ash

http://www.ashleysheridan.co.uk




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
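
Added example (not part of the messages above): the same lookup built by string concatenation and then as a PDO prepared statement, with one statement reused across executions. It assumes the pdo_sqlite driver so it runs without a server; the accounts table, its columns, the rows and the input strings are constructed for illustration.

```php
<?php
// Added example. SQLite in-memory stands in for MySQL so it runs offline;
// the table, columns and rows are constructed for illustration.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, note TEXT)');

// One prepared INSERT, executed once per row (statement reuse).
$insert = $pdo->prepare('INSERT INTO accounts (owner, note) VALUES (?, ?)');
foreach ([['alice', 'first'], ['bob', 'second'], ["o'brien", 'quote in name']] as $row) {
    $insert->execute($row);
}

// Constructed hostile input, as it might arrive from a request parameter.
$input = "nobody' OR '1'='1";

// Before: the value is pasted into the SQL text, so its quote characters
// become part of the statement and the WHERE clause matches every row.
$unsafe = $pdo->query("SELECT owner FROM accounts WHERE owner = '$input'")->fetchAll();

// After: the SQL text is fixed; the value travels separately as data.
$select = $pdo->prepare('SELECT owner FROM accounts WHERE owner = ?');
$select->execute([$input]);
$safe = $select->fetchAll();

// Reusing the same statement with a legitimate value containing a quote.
$select->execute(["o'brien"]);
$quoted = $select->fetchAll();

printf("concatenated: %d rows\n", count($unsafe));
printf("parameterised: %d rows\n", count($safe));
printf("o'brien lookup: %d row(s)\n", count($quoted));

// Placeholders bind values only. Identifiers such as a sort column cannot
// be bound, so map them through an allow-list instead.
$sortable = ['id' => 'id', 'owner' => 'owner'];
$requested = 'owner; DROP TABLE accounts'; // constructed input
$column = $sortable[$requested] ?? 'id';
$first = $pdo->query("SELECT owner FROM accounts ORDER BY $column LIMIT 1")->fetchColumn();
printf("sorted by %s, first owner: %s\n", $column, $first);
```

With PDO_MySQL, prepared statements are emulated client-side by default; setting PDO::ATTR_EMULATE_PREPARES to false makes the server do the preparing.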