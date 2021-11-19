richarddunnebsc: richarddunnebsc: public function __construct()

The PDO extension, which consists of three OOP classes, is actually well written. There’s no good reason to add another class definition around it. This is just adding unnecessary typing and processing. If you want to do something useful for the PDO extension, extend the PDO class to add a general-purpose prepared/non-prepared query method, that accepts an optional call-time array parameter that causes the method to either use the query method (non-prepared query) or use the prepare/execute methods (prepared query.)

richarddunnebsc: richarddunnebsc: echo 'ERROR: ' . $e->get_message();

Don’t unconditionally output the raw database error information. This only helps hackers when they internationally trigger errors. You can trigger a connection error by making a large number of requests that consume all the available connections, and a connection error contains the database server host name/ip address, the username, if you are using a password or not, and web server path information. This gives hackers 2/3 or all of the information they need to break into your database on shared web hosting or if remote access is allowed. Instead, in most cases, just let php catch and handle the exception, where php will use it error related settings to control what happens with the actual error information, via an uncaught exception error (database statement errors will get displayed/logged the same as php errors.)

richarddunnebsc: richarddunnebsc: $dns

It’s actually dsn (Data Source Name.)

richarddunnebsc: richarddunnebsc: If I set a password for mysql, I get access denied for ‘user’@‘localhost’ for password=yes

Depending on which tool you used to create the user/password, you also need to assign which databases the user has permission to access and you need to ‘flush’ the privileges to cause them to take effect.