Jump to content

CREATE database with OOP/prepared / placeholders. How?


Balderick

Recommended Posts

 

Hi

can someone explain how to create a mysql database in php using OOP prepared statements.

I know how to do it with mysqli but I want to know if it can be done with placeholders and oop.

a good and clear tut about is okay, but please provide a clear tut about using placeholders and prepared regarding CREATING a new database.

 

 

 

 

Link to comment
Share on other sites

Bingo:

https://www.w3schools.com/php/php_mysql_create.asp

This will help too:

http://www.developphp.com/video/PHP/PDO-Prepared-Statements-PHP-Tutorial

These will get you started

Also, remember that google is your friend.  Always consider googling your topic.  A good google will always produce plenty of likely answers.  That's especially helpful when almost everyone's asleep.

 

 

 

Edited by niche
Link to comment
Share on other sites

It's not normal to use placeholders to create a database or tables because you don't use user input to create them. The structure is already defined in your software specifications.

Link to comment
Share on other sites

10 hours ago, Ingolme said:

It's not normal to use placeholders to create a database or tables because you don't use user input to create them. The structure is already defined in your software specifications.

 

This I hear from the beginning I started php programming 2 years ago. But this a recommendation. A strong recommendation I presume, but does this say that everyone just follows these rules, or, that, it is not possible?

The answer is no.

Would you, therefore, not use mysqli and sanitize and validate all input in a proper way?

I'm curious what your opinion is about that!

Link to comment
Share on other sites

My understanding is that PDO does the sanitation for you.

Validation is a different issue.

Edited by niche
Link to comment
Share on other sites

Quote

This I hear from the beginning I started php programming 2 years ago. But this a recommendation. A strong recommendation I presume, but does this say that everyone just follows these rules, or, that, it is not possible?

The answer is no.

Prepared statements are used with the data going into the database, they have nothing to do with the database structure.  If you are creating the database and tables then you don't use placeholders or prepared statements, because there is no data in those queries.  There are identifiers like table and column names, but prepared statements do not use placeholders for identifiers, only data.

Further, if your application is frequently changing the database structure, that is an indication that you did not design the database correctly to begin with.

The only time a web-based application typically does any database creation stuff is if you write an installer for someone to install your application on a new server.  And, even in that case, it's far more common to include a .sql file to execute to set everything up then it is to write a bunch of queries inside PHP.

So, is it possible?  Yeah.  Is it ever really a good idea?  No.

It's not a "rule" that people are following, it is a "best practice".  Best practices are called best practices for a reason.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...