public function queryInsert($tableName, array $arrayColums) {

    if (!is_array($arrayColums) or ! is_string($tableName)) {
        // Message: "Invalid data format in the SELECT query in the SQL query"
        die('Неверный формат данных в запросе SELECT в запросе SQL');
    }

    $colums = $placeholders = '';
    $values = array();

    foreach ($arrayColums as $key => $value) {

        if (!is_string($value) or ! is_string($key)) {
            // Message: "Invalid data format in the SQL query"
            die('Неверный формат данных в запросе SQL');
        }
        // Column names cannot be bound as parameters, so each key goes through
        // SequrityReturnData() before it is placed in the SQL text; values are bound.
        $colums .= SequrityData::SequrityReturnData($key) . ', ';
        $placeholders .= ':' . SequrityData::SequrityReturnData($key) . ', ';
        $values[':' . SequrityData::SequrityReturnData($key)] = $value;
    }
    // Strip the trailing ", " from both lists
    $colums = substr($colums, 0, -2);
    $placeholders = substr($placeholders, 0, -2);

    $tableName = SequrityData::SequrityReturnData($tableName);
    $insert = "INSERT INTO $tableName ($colums) VALUES ($placeholders)";
    $query = $this->_PDO->prepare($insert);
    $query->execute($values);

}

// Wrapping the execute() call from queryInsert() above:
try {
    $query->execute($values);
}
catch (PDOException $e) {
    $logger = new ExceptionLogger();
    $logger->error($e);
    throw new MysqlAccessException('Unable to execute insert.');
}

It's also a good idea to catch any PDOExceptions inside the class, log them, and then inside the catch block throw a more generic type of exception like MysqlAccessException to catch in the client code. You don't want to catch PDOExceptions in the client code because they are very specific, and if you decide in the future to change the database class and use something else instead of PDO you will have to update the client code as well.

Another thing is that you should never hardcode database credentials in your database class. You should pass them through the constructor. A nice idea would be to have a dedicated config class that is responsible for providing the app configuration data by parsing a config file. This will also enable you to decouple the logic from the data and have different config files for production and development environments. Another reason why you don't want to hardcode this kind of data is that if you use a versioning system like git and you are not the only person that maintains the code, you don't want to commit sensitive data to the repository.
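
The two recommendations above combined in one runnable sketch. This is an added example, not code from the answer: `AppConfig` and `Database` are hypothetical names, `error_log()` stands in for `ExceptionLogger`, and an in-memory SQLite DSN with constructed INI text is used so it runs without a MySQL server.

```php
<?php
// Added example; AppConfig and Database are hypothetical names.
class MysqlAccessException extends RuntimeException {}
final class AppConfig {
    private array $data;
    public function __construct(string $iniText) {
        $this->data = parse_ini_string($iniText, true) ?: [];
    }
    public function get(string $section, string $key): string {
        return (string) ($this->data[$section][$key] ?? '');
    }
}
final class Database {
    private PDO $pdo;
    // Credentials arrive through the constructor; nothing is hardcoded here.
    public function __construct(string $dsn, string $user, string $pass) {
        try {
            $this->pdo = new PDO($dsn, $user, $pass, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
        } catch (PDOException $e) {
            throw $this->wrap($e, 'Unable to connect.');
        }
    }
    public function run(string $sql, array $params = []): PDOStatement {
        try {
            $stmt = $this->pdo->prepare($sql);
            $stmt->execute($params);
            return $stmt;
        } catch (PDOException $e) {
            throw $this->wrap($e, 'Unable to execute query.');
        }
    }
    // Driver detail is logged server-side; the caller gets a generic exception only.
    private function wrap(PDOException $e, string $msg): MysqlAccessException {
        error_log($e->getMessage());
        return new MysqlAccessException($msg);
    }
}

// Constructed config text; in practice it is read from a file kept out of git.
$cfg = new AppConfig("[database]\ndsn = \"sqlite::memory:\"\nuser = \"\"\npass = \"\"");
$db = new Database($cfg->get('database', 'dsn'),
    $cfg->get('database', 'user'), $cfg->get('database', 'pass'));
$db->run('CREATE TABLE users (name TEXT)');
$db->run('INSERT INTO users (name) VALUES (:name)', [':name' => 'alice']);
try {
    $db->run('INSERT INTO missing_table (name) VALUES (:name)', [':name' => 'bob']);
} catch (MysqlAccessException $e) {
    echo get_class($e), ': ', $e->getMessage(), PHP_EOL;
}
```

The original `PDOException` is deliberately not chained as the previous exception, so table names, SQL fragments and connection details stay in the server log and do not travel with the exception the client code handles.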
