Friday 15 June 2012

Optimum PHP Database Connectivity - The PDO Way


Hypertext Processor or PHP, as it is more commonly known, has entranced the minds of developers worldwide. It is a general-purpose scripting language that can be embedded in HTML. One of the major advantages of PHP is its ability to talk with a variety of databases. This adds the much-needed interactive dimension to websites whereusers can fetch dynamic data and perform transactions. The heart of any web application is not its UI or its controller; it’s the database that stores and provides data based on the queries that are made to it. PHP, being a widely popular programming language, is adopted across the world by dedicated PHP programmers handling large-scale projects for firms providing PHP web development services. If you are one the countless offshore PHP developers who have handled database interactions, and still use the traditional PHP MySQL API for database connections, then this article is precisely targeted at you.

Did you know PHP offers 3 types of APIs for database connectivity? No? Well, here’s some information on them:

  1. MySQL – The most popular API which establishes database connectivity in the easiest of manners.
  2. MySQLi – An ‘Improved’ version of the MySQL API.
  3. PDO – PHP Data Objects, an API that is database agnostic and supports prepared statements, thus negating the requirement for SQL Injection.

Looking at the above points, some might say feel that MySQL seems to be the easiest way out, then why should we try anything else! Well, let us give you three reasons. Firstly, some of the commonly used MySQL API database connectivity code snippets are all set to be deprecated as they do not adhere to the best practices policy are not exactly the right learning that greenhorn developers should pick up. Second, if you need to escape user input, you need to specifically do it from the code, which can be a complex endeavor, especially if you are new to database connectivity and don’t have a clue about data sanitization. Third and the most important point; the MySQL API is inflexible which means you will come up a cropper if you decide to switch databases. Reason enough to consider PDO?

Remember the traditional way of connecting to a MySQL database:

# Connect

mysql_connect('localhost', 'username', 'password') or die('Could not connect: '. mysql_error());

Now consider the PDO technique where we create a new class instance, specify the driver, database name, username, and password:

$conn= newPDO('mysql:host=localhost;dbname=myDatabase', $username, $password);

The main advantage of this technique is that in the event of switching of databases, you can simply update the DSN. This reduces your dependency of MySQL and eliminates the absolute necessity of functions, such as mysql_connect.

But what about errors, you will ask! If the database connection is not established, how do we check the error? PDO offers 3 error mode options to deal with exceptions:

  1. PDO::ERRMODE_SILENT
  2. PDO::ERRMODE_WARNING
  3. PDO::ERRMODE_EXCEPTION

The default error mode is PDO::ERRMODE_SILENT, which does not throw up any exceptions. You must remember to change the default mode to PDO::ERRMODE_EXCEPTION which throws up exceptions as soon as they occur and stops the execution of the script. You can write a simple try-catch code block to capture these exceptions. Failure to do so will require you to manually fetch these non-captured errors.
Now comes the most important part, the core function; retrieving information from the database. This can be done using two options, query and execute. The query method involves using the PDO::Quote method to manually escape data and is almost similar to the mysql_real_escape_string. A word of advice here; if you are dealing with data that a user fills in to a form, use prepared statements instead. For any other data that is not form data, the query method is ideal.
Prepared statements are used via the prepare method that use named parameters, eliminating the need for SQL injection. These statements are then executed by passing data into the named placeholders. Now we come to the part of receiving the data that is fetched by prepared statements.

The PDO API provides multiple options to interact with the result. These include:

  • PDO::FETCH_ASSOC – default response, returns an array
  • PDO::FETCH_BOTH – returns an array, indexed by both column-name, and 0-indexed
  • PDO::FETCH_BOUND – returns TRUE and uses PHP variable for assignment of values in the columns
  • PDO::FETCH_CLASS – returns a new instance of the class used
  • PDO::FETCH_OBJ – returns an object that contains property names associated with columns

The PDO prepare extension is especially suited to the execution on the same query multiple times, each time with separate parameters. You can easily perform the common CRUD tasks that every PHP developer handles day in and day out. But the advantage that rises above all these features, is the usage of an object or class instance for mapping query results.  These inherent advantages should be proof enough for you to switch over from your old MySQL API to PDO. It will not only make your code more secure, but also streamline it to a great extent. And who can forget the coveted flexibility to switch over to any database! All of you, the PHP developer community including all offshore PHP developers, go PDO now, if you haven’t already!

We are GoodCore, a leading offshore software development company in Malaysia. Having garnered expertise in every cutting-edge web development technology that emerges in the market, we apply our skills to the conceptualization, development and deployment of clutter-breaking solutions for clients across the world. We ensure that our team of developers, programmers and consultants are on top of every new development in the technology arena and are primed to lend that advantage to your product. Over the years, we have gained the trust and credibility of many elite clients across the globe. We wish to extend the same quality of services to you. You can hire dedicated PHP developers from us who will help develop cost-effective solutions that match your requirements to the T. If you wish to develop state-of-the-art PHP solutions that are not just path-breaking, but also ROI-intensive, don’t hesitate to approach us. Our vast repertoire of talent is at your service!

2 comments:

  1. your blog gave information regarding The PDO Way to connect the database with example is very useful.Thanks For Sharing!

    ReplyDelete
  2. Joomla and Drupal are the most powerful content management systems, which is generally used for web development as well as content management.

    php developer india

    ReplyDelete