
Do you think this code is good if I want to do a simple SQL query? Is it safe to use? Or am I doing something wrong?

```php
class DBconnection {
    private $dbusername = "testtest";
    private $dbpassword = "testtest";
    protected $conn;

    public function __construct(){
        try {
            $this->conn = new PDO("mysql:host=localhost;dbname=yxy_user;charset=utf8", $this->dbusername, $this->dbpassword);
            // set the PDO error mode to exception
            $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        } catch(PDOException $e) {
            echo "Connection failed: " . $e->getMessage();
            error_log("Failed to connect to database!", 0);
        }
    }
}

class Query extends DBconnection {

    public function FetchQuery($query, $params) {
        $stmt = $this->conn->prepare($query);
        $stmt->execute($params);
        $result_query_fetch = $stmt->fetch(PDO::FETCH_ASSOC);
        if($result_query_fetch) {
            return $result_query_fetch;
        }
        else {
            return false;
        }
    }

}

$Query_Class = new Query;
$myResult = $Query_Class->FetchQuery("SELECT name
                                      FROM customers
                                      WHERE id =:id",
                                      array(":id" => "12345"));
if($myResult){
    print_r ($myResult);
}
else {
    echo "No results!";
}
```
Dharman
asked Jun 30, 2022 at 17:41
  • The current question title, which states your concerns about the code, applies to too many questions on this site to be useful. The site standard is for the title to simply state the task accomplished by the code. Please see How do I ask a good question? Commented Jul 4, 2022 at 8:18

1 Answer


Nope, this "PDO query" is NOT okay, especially "to use in PHP OOP".

The Database class does nothing useful, and shouldn't exist.
The Query class should never extend the Database class, because a query is not a database.
The code as a whole is just an attempt to create a single procedure FetchQuery() - so you have to do exactly that:

db_credentials.php

```php
<?php
$dbhost = 'localhost';
$dbname = 'yxy_user';
$dbusername = '';
$dbpassword = '';
```

db.php

```php
<?php
require 'db_credentials.php';
$pdo = new PDO("mysql:host=$dbhost;dbname=$dbname;charset=utf8mb4", $dbusername, $dbpassword);
// set the PDO error mode to exception
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

function pdo($pdo, $sql, $args = NULL)
{
    $stmt = $pdo->prepare($sql);
    $stmt->execute($args);
    return $stmt;
}
```

and then use it elsewhere

```php
<?php
require 'db.php';
$sql = "SELECT name FROM customers WHERE id =:id";
// pdo() takes the connection as its first argument
$myResult = pdo($pdo, $sql, [":id" => "12345"])->fetch(PDO::FETCH_ASSOC);
if($myResult){
    print_r ($myResult);
}
else {
    echo "No results!";
}
```

Note that this function returns the PDOStatement instance, which makes it extremely convenient and universal; you can see usage examples in this answer.

As for OOP, it is not an easy topic. There is a lot to learn. But above all, there must be a clear purpose for the class. For the moment I just don't see any use for the classes provided. But if you have other ideas or use cases for your database classes, you can post another question.

answered Jul 3, 2022 at 11:19
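
The helper from the answer above, exercised end to end, as an added example that is not part of the original answer. It assumes the pdo_sqlite driver and uses an in-memory SQLite database with a constructed customers table in place of the MySQL one, so it runs offline; the type declarations on pdo() and the `$untrusted` value are additions for illustration.

```php
<?php
// Added example, not the answer author's code.
// Assumption: in-memory SQLite stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

// Same logic as the answer's helper: prepare, bind, execute, return the statement.
function pdo(PDO $pdo, string $sql, ?array $args = null): PDOStatement
{
    $stmt = $pdo->prepare($sql);
    $stmt->execute($args);
    return $stmt;
}

// Constructed sample data.
pdo($pdo, 'CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)');
foreach ([[12345, 'Alice'], [12346, 'Bob']] as $customer) {
    pdo($pdo, 'INSERT INTO customers (id, name) VALUES (?, ?)', $customer);
}

$sql = 'SELECT name FROM customers WHERE id = :id';

// Because the helper returns the PDOStatement, the caller picks the fetch style.
$oneRow   = pdo($pdo, $sql, [':id' => '12345'])->fetch();
$oneValue = pdo($pdo, 'SELECT name FROM customers WHERE id = ?', [12346])->fetchColumn();
$allRows  = pdo($pdo, 'SELECT id, name FROM customers ORDER BY id')->fetchAll();

// A request value carrying SQL syntax (constructed). It is bound as a single
// value, so the "OR 1=1" part is never parsed as SQL and cannot widen the
// WHERE clause to every customer.
$untrusted = '12345 OR 1=1';
$bound     = pdo($pdo, $sql, [':id' => $untrusted])->fetchAll();

print_r($oneRow);
var_dump($oneValue);
printf("rows in table: %d, rows matched by bound value: %d\n",
    count($allRows), count($bound));

// With ERRMODE_EXCEPTION a bad query throws; log the detail server-side and
// show the user only a generic message.
try {
    pdo($pdo, 'SELECT name FROM no_such_table');
} catch (PDOException $e) {
    error_log('Query failed: ' . $e->getMessage());
    echo "Something went wrong.\n";
}
```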