Balderick Posted June 3, 2017 Share Posted June 3, 2017 Hi can someone explain how to create a mysql database in php using OOP prepared statements. I know how to do it with mysqli but I want to know if it can be done with placeholders and oop. a good and clear tut about is okay, but please provide a clear tut about using placeholders and prepared regarding CREATING a new database. Link to comment Share on other sites More sharing options...
niche Posted June 3, 2017 Share Posted June 3, 2017 (edited) Bingo: https://www.w3schools.com/php/php_mysql_create.asp This will help too: http://www.developphp.com/video/PHP/PDO-Prepared-Statements-PHP-Tutorial These will get you started Also, remember that google is your friend. Always consider googling your topic. A good google will always produce plenty of likely answers. That's especially helpful when almost everyone's asleep. Edited June 3, 2017 by niche Link to comment Share on other sites More sharing options...
Ingolme Posted June 3, 2017 Share Posted June 3, 2017 It's not normal to use placeholders to create a database or tables because you don't use user input to create them. The structure is already defined in your software specifications. Link to comment Share on other sites More sharing options...
Balderick Posted June 4, 2017 Author Share Posted June 4, 2017 10 hours ago, Ingolme said: It's not normal to use placeholders to create a database or tables because you don't use user input to create them. The structure is already defined in your software specifications. This I hear from the beginning I started php programming 2 years ago. But this a recommendation. A strong recommendation I presume, but does this say that everyone just follows these rules, or, that, it is not possible? The answer is no. Would you, therefore, not use mysqli and sanitize and validate all input in a proper way? I'm curious what your opinion is about that! Link to comment Share on other sites More sharing options...
niche Posted June 4, 2017 Share Posted June 4, 2017 (edited) My understanding is that PDO does the sanitation for you. Validation is a different issue. Edited June 4, 2017 by niche Link to comment Share on other sites More sharing options...
justsomeguy Posted June 5, 2017 Share Posted June 5, 2017 Quote This I hear from the beginning I started php programming 2 years ago. But this a recommendation. A strong recommendation I presume, but does this say that everyone just follows these rules, or, that, it is not possible? The answer is no. Prepared statements are used with the data going into the database, they have nothing to do with the database structure. If you are creating the database and tables then you don't use placeholders or prepared statements, because there is no data in those queries. There are identifiers like table and column names, but prepared statements do not use placeholders for identifiers, only data. Further, if your application is frequently changing the database structure, that is an indication that you did not design the database correctly to begin with. The only time a web-based application typically does any database creation stuff is if you write an installer for someone to install your application on a new server. And, even in that case, it's far more common to include a .sql file to execute to set everything up then it is to write a bunch of queries inside PHP. So, is it possible? Yeah. Is it ever really a good idea? No. It's not a "rule" that people are following, it is a "best practice". Best practices are called best practices for a reason. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now