11.1 PHP - Data - Object - PDO

PDO is a PHP extension that acts as a data abstraction layer, allowing for database-independent SQL queries. It supports many database systems and makes switching databases easier. PDO connections use prepared statements to protect against SQL injection. Data can be fetched from queries in various formats like associative arrays or objects. Inserts and updates use placeholders that are bound to query parameters for security.

Uploaded by

splokbov
PHP Data Object - PDO

What is PDO
- A PHP5 extension written in a compiled language (C/C++)
- A lightweight DBMS connection abstraction library (data access abstraction library)
- It doesn't account for database-specific syntax, but it can make switching databases and platforms fairly painless, in many instances simply by switching the connection string.
Advantages of PDO
- Supports a great number of the database systems supported by PHP
- No need to rewrite many lines of code for each database. Just write once and run anywhere
- Applications are easier to install. No third-party software is needed
How to activate PDO
- PDO is a PHP extension which needs to be activated as follows:
  - Go to the php.ini file and uncomment the lines extension=php_pdo.dll and extension=php_pdo_mysql.dll. If they do not exist, add them.
  - Or, if you are using EasyPHP, go to its Panel\Config\Ext
PDO Database Connection
<?php
// configuration
$dbtype = "mysql";
$dbhost = "localhost";
$dbname = "webtech";
$dbuser = "admin";
$dbpass = "admin";
$dbpath = "c:/test.db";
$connection = null;
// switching: build the DSN (connection string) for the selected driver
switch ($dbtype) {
    case "mysql":
        // the MySQL DSN key is "host", not "dbhost"
        $dbconn = "mysql:host=$dbhost;dbname=$dbname";
        break;
    case "sqlite":
        $dbconn = "sqlite:$dbpath";
        break;
    case "postgresql":
        $dbconn = "pgsql:host=$dbhost dbname=$dbname";
        break;
}
// Error Handling - database connection
try {
    $connection = new PDO($dbconn, $dbuser, $dbpass);
}
catch (PDOException $e) {
    // the message can contain connection details
    echo $e->getMessage();
}
?>
Selecting Data
- Data is obtained via the ->fetch() method
- Fetch options:
  - PDO::FETCH_ASSOC: returns an array indexed by column name
  - PDO::FETCH_BOTH (default): returns an array indexed by both column name and number
  - PDO::FETCH_BOUND: assigns the values of your columns to the variables set with the ->bindColumn() method
  - PDO::FETCH_CLASS: assigns the values of your columns to properties of the named class. It will create the properties if matching properties do not exist
  - PDO::FETCH_INTO: updates an existing instance of the named class
  - PDO::FETCH_LAZY: combines PDO::FETCH_BOTH and PDO::FETCH_OBJ, creating the object variable names as they are used
  - PDO::FETCH_NUM: returns an array indexed by column number
  - PDO::FETCH_OBJ: returns an anonymous object with property names that correspond to the column names
FETCH ASSOC example
- This fetch type creates an associative array, indexed by column name:
$result = $connection->query('SELECT Module_Code, Module_Name FROM modules');
# setting the fetch mode
$result->setFetchMode(PDO::FETCH_ASSOC);

while ($row = $result->fetch()) {
    echo $row['Module_Code'] . " ";
    echo $row['Module_Name'] . "\n";
}
FETCH OBJ example
- This fetch type creates an object of class stdClass for each row of fetched data.

$result = $connection->query('SELECT Module_Code, Module_Name FROM modules');
# setting the fetch mode
$result->setFetchMode(PDO::FETCH_OBJ);
while ($row = $result->fetch()) {
    echo $row->Module_Code;
    echo $row->Module_Name;
}
Insert and Update
- Inserting new data, or updating existing data, is one of the more common database operations.
- Using PDO, this is normally a two-step process. Everything covered in this section applies equally to both UPDATE and INSERT operations.
- E.g.: basic insert operation
# DBH means "Database Handle" (the PDO connection object)
# STH means "Statement Handle"
$STH = $DBH->prepare("INSERT INTO folks ( first_name ) values ( 'Cathy' )");
$STH->execute();

- Writing the value directly into the SQL string like this is subject to SQL injection attacks when the value comes from user input

Prepared Statements
- A prepared statement is a precompiled SQL statement that can be executed multiple times by sending just the data to the server. It has the added advantage of automatically making the data used in the placeholders safe from SQL injection attacks.
- You use a prepared statement by including placeholders in your SQL.
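Insert with named placeholders
# the data we want to insert
$data = array( 'name' => 'Cathy', 'addr' => '9 Dark and Twisty', 'city' => 'Cardiff' );

$STH = $DBH->prepare("INSERT INTO folks (name, addr, city) VALUES (:name, :addr, :city)");

# Option 1: bind each placeholder. The first argument is the named
# placeholder name - notice named placeholders always start with a colon.
$STH->bindParam(':name', $data['name']);
$STH->bindParam(':addr', $data['addr']);
$STH->bindParam(':city', $data['city']);
$STH->execute();

# Option 2, the shortcut! Skip bindParam() and pass the array to execute();
# its keys match the placeholder names. (Running both options inserts the row twice.)
$STH->execute($data);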
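
The difference between writing a value into the SQL string and binding it to a placeholder, shown side by side. This is an added example, not code from the original slides. It assumes the pdo_sqlite driver and an in-memory database; the two constructed rows, the `$input` value and the function names `findConcatenated` and `findPrepared` are hypothetical.

```php
<?php
// Added example: constructed data in an in-memory SQLite database (needs pdo_sqlite).
$DBH = new PDO('sqlite::memory:');
$DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // throw on SQL errors
$DBH->exec("CREATE TABLE folks (name TEXT, addr TEXT, city TEXT)");

// Populate the table through a prepared statement with named placeholders.
$insert = $DBH->prepare(
    "INSERT INTO folks (name, addr, city) VALUES (:name, :addr, :city)"
);
$rows = [
    ['name' => 'Cathy',   'addr' => '9 Dark and Twisty', 'city' => 'Cardiff'],
    ['name' => "O'Brien", 'addr' => '1 Constructed Row', 'city' => 'Swansea'],
];
foreach ($rows as $row) {
    $insert->execute($row);
}

// Weak form: the value is pasted into the SQL text, so any quote characters
// in it are parsed as SQL syntax and can rewrite the WHERE clause.
function findConcatenated(PDO $db, string $name): array
{
    return $db->query("SELECT name FROM folks WHERE name = '$name'")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// Corrected form: the SQL text is fixed and the value travels separately as
// data, so it is only ever compared against the name column.
function findPrepared(PDO $db, string $name): array
{
    $sth = $db->prepare("SELECT name FROM folks WHERE name = :name");
    $sth->execute(['name' => $name]);
    return $sth->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input containing quote characters and an always-true condition.
$input = "nobody' OR '1'='1";

echo "concatenated query matched: ", count(findConcatenated($DBH, $input)), " row(s)\n";
echo "prepared query matched:     ", count(findPrepared($DBH, $input)), " row(s)\n";
// A legitimate value containing a quote is handled as plain data.
echo "prepared lookup of O'Brien: ", count(findPrepared($DBH, "O'Brien")), " row(s)\n";
```

With pdo_mysql, prepared statements are emulated on the client by default; setting PDO::ATTR_EMULATE_PREPARES to false asks the driver for server-side prepares.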