Web lists-archives.com

Re: [PHP] Trying to Play Catch-Up & get the Bigger Picture




On Wed, Mar 2, 2016 at 2:04 PM, Ashley Sheridan <ash@xxxxxxxxxxxxxxxxxxxx>
wrote:

> On Wed, 2016-03-02 at 08:50 -0800, dealtek@xxxxxxxxx wrote:
> > Hi all,
> >
> > A bit of a layman - general question trying to get the bigger picture...
> >
> > It has been a few years since I have used PHP with MySQL database. I
> understand that the older original MySQL extension has been deprecated, In
> favor of MySQLi or PDO_MySQL extensions..
> >
> > Currently, I am looking into building so mobile friendly Apps/Websites
> that use JavaScript (json - jQuery etc.) css and html5 on the front end,
> And PHP and MySQL on the backend.
> >
> > So the question is, big picture, What is the best way to interface with
> MySQL for this purpose? Would I use:
> >
> > - MySQLi
> > - PDO_MySQL (Am I correct in assuming that PDO is helpful if one may
> need to move to another database system in the future?)
> >
> > - or maybe web services REST
> > - or ???
> >
> > Any links to this general subject would be helpful/
> >
> >
> > --
> > Thanks,
> > Dave - DealTek
> > dealtek@xxxxxxxxx
> > [db-15]
> >
>
> Personally I'd always go with PDO, and not because it allows you to
> change the DB backend (I don't know anyone who's ever done this) but
> because it offers parameterised queries (prepared statements) to
> safeguard against a lot of injection attempts:
>
> $pdo = new \PDO(
>     "mysql:dbname=$dbname;host=$dbhost",
>     $dbuser,
>     $dbpass,
>     array(
>         \PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'"
>     )
> );
> $statement = $pdo->prepare('SELECT * FROM table WHERE field1 = ? AND
> field2 = ?');
> $statement->execute(array(1234, 'some string'));
>
>
> The beauty of this is you don't need to worry about the variables that
> you're passing in too much, PDO will sanitise them as required for the
> database backend you're using.
>
> You can also reuse the prepared statements, but that's a feature I've
> not used, as it usually indicates an issue with my PHP logic that I'm
> executing the same statement multiple times)
>
> Thanks,
> Ash
>
> http://www.ashleysheridan.co.uk
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
+1 for PDO