Jump to content
Sign in to follow this  
Balderick

CREATE database with OOP/prepared / placeholders. How?

Recommended Posts

 

Hi

can someone explain how to create a mysql database in php using OOP prepared statements.

I know how to do it with mysqli but I want to know if it can be done with placeholders and oop.

a good and clear tut about is okay, but please provide a clear tut about using placeholders and prepared regarding CREATING a new database.

 

 

 

 

Share this post


Link to post
Share on other sites

Bingo:

https://www.w3schools.com/php/php_mysql_create.asp

This will help too:

http://www.developphp.com/video/PHP/PDO-Prepared-Statements-PHP-Tutorial

These will get you started

Also, remember that google is your friend.  Always consider googling your topic.  A good google will always produce plenty of likely answers.  That's especially helpful when almost everyone's asleep.

 

 

 

Edited by niche

Share this post


Link to post
Share on other sites

It's not normal to use placeholders to create a database or tables because you don't use user input to create them. The structure is already defined in your software specifications.

Share this post


Link to post
Share on other sites
10 hours ago, Ingolme said:

It's not normal to use placeholders to create a database or tables because you don't use user input to create them. The structure is already defined in your software specifications.

 

This I hear from the beginning I started php programming 2 years ago. But this a recommendation. A strong recommendation I presume, but does this say that everyone just follows these rules, or, that, it is not possible?

The answer is no.

Would you, therefore, not use mysqli and sanitize and validate all input in a proper way?

I'm curious what your opinion is about that!

Share this post


Link to post
Share on other sites

My understanding is that PDO does the sanitation for you.

Validation is a different issue.

Edited by niche

Share this post


Link to post
Share on other sites
Quote

This I hear from the beginning I started php programming 2 years ago. But this a recommendation. A strong recommendation I presume, but does this say that everyone just follows these rules, or, that, it is not possible?

The answer is no.

Prepared statements are used with the data going into the database, they have nothing to do with the database structure.  If you are creating the database and tables then you don't use placeholders or prepared statements, because there is no data in those queries.  There are identifiers like table and column names, but prepared statements do not use placeholders for identifiers, only data.

Further, if your application is frequently changing the database structure, that is an indication that you did not design the database correctly to begin with.

The only time a web-based application typically does any database creation stuff is if you write an installer for someone to install your application on a new server.  And, even in that case, it's far more common to include a .sql file to execute to set everything up then it is to write a bunch of queries inside PHP.

So, is it possible?  Yeah.  Is it ever really a good idea?  No.

It's not a "rule" that people are following, it is a "best practice".  Best practices are called best practices for a reason.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...