I am reading Kevin Yank’s book ‘PHP and MYSQL Novice to Ninja’, a fantastic book for a non-ninja like me.
I am writing a simple form to populate a database, and I use the CMS glfusion. The book uses the PHP extension PDO, but glfusion uses its own wrapper; for example, a query would be DB_query().
In the book p.124 they talk about prepared statements, where ‘prepare’ is a method of PDO.
$s = $pdo->prepare($sql);
Is the prepare method created somewhere in PDO?
How could I write this to use the DB_ wrapper?
Thank you both for the reply.
I will take the suggestion to write a PDO adapter to be a joke, as in the range of novice to ninja I am definitely at the novice end.
I am considering not using the CMS and starting from scratch and just following the book in its entirety. But it will mean having to create login forms and handle users and CSS and all that which the CMS did. Although the site will have no logged in users, just a form to populate, edit and delete rows from the database. Then a page available to all which will pull data from the database in specific user defined ways and create a PDF.
Honestly, if your goal is to learn, then absolutely do this yourself from scratch. Not only will you learn how to build CRUD (create, read, update, delete) queries for yourself, but in the process, you will also get to learn about PHP’s session handling, how it processes forms, and more fun stuff.
And if you do do it from scratch, my suggestion is to not follow documentation on a CMS, that will probably do more to confuse you than anything else (as is already evident). When you’re in the learning stages, you don’t want or need the confusion of some API muddling up what is going on…learn straight SQL first, then with a crash course in OOP, you’ll be able to follow along much more clearly on what glfusion is doing.
I think you are absolutely right.
Thanks for giving me the push in this direction.
I think the benefits are that I will be able to get help easier and will properly learn how to do things.
The disadvantage is mainly that I will have to do everything myself, i.e. also write a section for people to login and the site won’t look as good.
I am committed now… it’s all or nothing!
Don’t worry about the design of the website – there are plenty of free templates you can download.
A couple pointers to get you started:
There are plenty of good tutorials available; here is the PHP documentation on it: http://php.net/manual/en/book.pdo.php
I’d start there, and then simply google any questions that you may come across that the manual does not answer clearly enough.
Make sure that you get prepared statements and named parameters absolutely drilled into your head, to the point it is second nature. Those are your defenses against SQL injection. They are very simple; here is an example of what your login script may look like:
// The username and password that was submitted by the login form
$username = $_POST['username'];
$password = $_POST['password'];
// Assume that $db variable is the PDO connection you created somewhere
$query = " SELECT username, password FROM users_table WHERE username = ? AND password = ? ";
$results = $db->prepare( $query );
$results->execute( array( $username, $password ) );
Note that for clarity, the above example assumes that you are storing passwords in the database unencrypted…which is something you would never, ever do. If you are using PHP 5.5 or newer, you should be using PHP’s password_hash() function: http://php.net/manual/en/function.password-hash.php
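The login flow from the post above, reworked as an added example (not part of the original post) that combines named parameters with password_hash() and password_verify(). It assumes the pdo_sqlite extension and an in-memory database; the register() and login() helpers and the sample account are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the real database connection.
// Table and column names follow the post above; everything else is hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users_table (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Registration: store only the output of password_hash(), never the password itself.
function register(PDO $db, string $username, string $password): void
{
    $stmt = $db->prepare(
        'INSERT INTO users_table (username, password) VALUES (:username, :hash)'
    );
    $stmt->execute([
        ':username' => $username,
        ':hash'     => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

// Login: select the row by username only, then compare with password_verify().
// Each hash carries its own random salt, so it cannot be matched in the WHERE clause.
function login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM users_table WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $hash = $stmt->fetchColumn(); // false when no such user exists

    return $hash !== false && password_verify($password, $hash);
}

// Constructed sample account.
register($db, 'alice', 'correct horse');

// Constructed inputs: the right password, a wrong password, and an
// injection-style string, which is bound as plain data and matches no username.
var_dump(login($db, 'alice', 'correct horse'));
var_dump(login($db, 'alice', 'wrong'));
var_dump(login($db, "' OR '1'='1", 'anything'));
```

Only the first call succeeds; the other two return false because the bound value never becomes part of the SQL text.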
That’s great info to get me started, just what I need.
I am a third of the way through the Novice to Ninja book already today. So I am going to complete that.
Thanks for the link on encrypting passwords in the database.
I am quite excited about this at the moment.
Thanks for getting me started,