![Assume the query is in the $sql variable $sql = "SELECT DISTINCT make FROM cars ORDER BY make"; For MySQL : $q = mysql_query($sql); while($r = mysql_fetch_assoc($q)) { echo $r['make'], "\n"; } For SQLite : $q = sqlite_query($dbh, $sql); while($r = sqlite_fetch_array($q, SQLITE_ASSOC)) { echo $r['make'], "\n"; } And, finally, PostgreSQL : $q = pg_query($sql); while($r = pg_fetch_assoc($q)) { echo $r['make'], "\n"; }](https://image.slidesharecdn.com/php-data-objects-1208776351313549-9/85/Php-Data-Objects-13-320.jpg)
![Issuing SQL Queries – Cont… As you may already have guessed, things are pretty straightforward when it comes to PDO: We don't care what the underlying database is, and the methods for fetching rows are the same across all databases. So, the above code could be rewritten for PDO in the following way: mysql_fetch_array(), sqlite_fetch_array() without the second parameter, or pg_fetch_array().) $q = $conn->query("SELECT DISTINCT make FROM cars ORDER BY make"); while($r = $q->fetch( PDO::FETCH_ASSOC )) { echo $r['make'], "\n"; } Nothing is different from what happens before. One thing to note here is that we explicitly specified the PDO::FETCH_ASSOC fetch style constant here, since PDO's default behavior is to fetch the result rows as arrays indexed both by column name and number. (This behavior is similar to mysql_fetch_array(), sqlite_fetch_array() without the second parameter, or pg_fetch_array().)](https://image.slidesharecdn.com/php-data-objects-1208776351313549-9/85/Php-Data-Objects-14-320.jpg)
![Issue the query $q = $conn->query("SELECT authors.id AS authorId, firstName, lastName, books.* FROM authors, books WHERE author=authors.id ORDER BY title"); $books = $q->fetchAll(PDO::FETCH_ASSOC) ; foreach($books as $r) { ?> <tr> <td><a href="author.php?id=<?=$r['authorId']?>"> <?=htmlspecialchars("$r[firstName] $r[lastName]")?></a></td> <td><?=htmlspecialchars($r['title'])?></td> <td><?=htmlspecialchars($r['isbn'])?></td> <td><?=htmlspecialchars($r['publisher'])?></td> <td><?=htmlspecialchars($r['year'])?></td> <td><?=htmlspecialchars($r['summary'])?></td> </tr> <?php } ?>](https://image.slidesharecdn.com/php-data-objects-1208776351313549-9/85/Php-Data-Objects-15-320.jpg)
![Error Handling – Cont… PDO error handling Assume the connection string is one of the following: // $connStr = 'mysql:host=localhost;dbname=cars' // $connStr = 'sqlite:/path/to/cars.ldb'; // $connStr = 'pgsql:host=localhost dbname=cars'; try { $conn = new PDO($connStr, 'boss', 'password'); } catch(PDOException $pe) { die('Could not connect to the database because: ' . $pe->getMessage(); } $q = $conn->query("SELECT DISTINCT make FROM cars ORDER BY make"); if(!$q) { $ei = $conn->errorInfo(); die('Could not execute query because: ' . $ei[2]); }](https://image.slidesharecdn.com/php-data-objects-1208776351313549-9/85/Php-Data-Objects-19-320.jpg)
Php Data Objects
- 1. PHP Data Objects A tour of new features
- 2. Introduction PHP Data Objects, (PDO) is a PHP5 extension that defines a lightweight DBMS connection abstraction library (sometimes called data access abstraction library). PDO provides a data-access abstraction layer, which means that, regardless of which database you're using, you use the same functions to issue queries and fetch data. This means that PDO defines a unified interface for creating and maintaining database connections, issuing queries, quoting parameters, traversing result sets, dealing with prepared statements, and error handling. PDO ships with PHP 5.1, and is available as a PECL extension for PHP 5.0; PDO requires the new OO features in the core of PHP 5, and so will not run with earlier versions of PHP.
- 3. Installation Guidelines Windows users running PHP 5.1.0 and up PDO and all the major drivers ship with PHP as shared extensions, and simply need to be activated by editing the php.ini file: extension=php_pdo.dll Next, choose the other database-specific DLL files and enable them in php.ini below php_pdo.dll. For example: extension=php_pdo.dll extension=php_pdo_firebird.dll extension=php_pdo_mssql.dll extension=php_pdo_mysql.dll extension=php_pdo_oci.dll extension=php_pdo_oci8.dll extension=php_pdo_odbc.dll extension=php_pdo_pgsql.dll extension=php_pdo_sqlite.dll These DLLs should exist in the system's extension_dir.
- 4. Using PDO
- 5. Connecting to the Database Let's consider the well-known MySQL connection scenario: mysql_connect($host, $user, $password); mysql_select_db($db); In SQLite , for example, we would write something like the following: $dbh = sqlite_open($db, 0666); In PostgreSQ L, for example, we would write something like the following: pg_connect("host=$host dbname=$db user=$user password=$password"); Here, we establish a connection and then select the default database for the connection. (OLD /CURRENT TECHNIQUE)
- 6. Connecting to the Database – Cont.. Now, let's see what PDO has to offer. As PDO is fully object-oriented, we will be dealing with connection objects, and further interaction with the database will involve calling various methods of these objects. With PDO, we will always have to explicitly use the connection object, since there is no other way of calling its methods. Each of the three above connections could be established in the following manner: For MySQL: $conn = new PDO("mysql:host=$host;dbname=$db", $user, $pass); For SQLite: $conn = new PDO("sqlite:$db"); For PostgreSQL : $conn = new PDO("pgsql:host=$host dbname=$db", $user, $pass);
- 7. Connecting to the Database – Cont.. As you can see, the only part that is changing here is the first argument passed to the PDO constructor. For SQLite, which does not utilize username and password, the second and third arguments can be skipped. SQLite is not a database server, but it is an embedded SQL database library that operates on local files. More information about SQLite can be found at www.sqlite.org and more information about using SQLite with PHP can be found at www.php.net/sqlite.
- 8. Connecting to the Database – Connection Strings As you have seen in previous example, PDO uses the so-called connection strings (or Data Source Names, abbreviated to DSN) that allow the PDO constructor to select proper driver and pass subsequent method calls to it. These connection strings or DSNs are different for every database management system and are the only things that you will have to change. Their advantage over using traditional methods of creating database connection is that you don't have to modify your code if you change the database management system. A connection string can be defined in a configuration file and that file gets processed by your application. Should your database (data source) change, you just edit that configuration file and the rest of your code is kept intact.
- 9. Connecting to the Database – Connection Strings Create the connection object $conn = new PDO( $connStr , $user, $pass); DB connection string and username/password $connStr = 'mysql:host=localhost;dbname=pdo'; $user = 'root'; $pass = 'root'; The three connection strings looked like the following: mysql:host=localhost;dbname=cars sqlite:/path/to/cars.db pgsql:host=localhost dbname=cars As we can see, the prefix (the substring before the first semicolon) always keeps the name of the PDO driver. Since we don't have to use different functions to create a connection with PDO, this prefix tells us which internal driver should be used. The rest of the string is parsed by that driver to further initiate the connection.
- 10. Issuing SQL Queries Previously, we would have had to call different functions, depending on the database: Let's keep our SQL in a single variable $sql = 'SELECT DISTINCT make FROM cars ORDER BY make'; Now, assuming MySQL : mysql_connect('localhost', 'boss', 'password'); mysql_select_db('cars'); $q = mysql_query($sql); For SQLite we would do: $dbh = sqlite_open('/path/to/cars.ldb', 0666); $q = sqlite_query($sql, $dbh); And for PostgreSQL : pg_connect("host=localhost dbname=cars user=boss password=password"); $q = pg_query($sql);
- 11. Issuing SQL Queries – Cont… Now that we are using PDO, we can do the following: Assume the $connStr variable holds a valid connection string $sql = 'SELECT DISTINCT make FROM cars ORDER BY make'; $conn = new PDO($connStr, 'boss', 'password'); $q = $conn->query($sql); As you can see, doing things the PDO way is not too different from traditional methods of issuing queries. Also, here it should be underlined, that a call to $conn->query() is returning another object of class PDOStatement , unlike the calls to mysql_query(), sqlite_query(), and pg_query(), which return PHP variables of the resource type.
- 12. Issuing SQL Queries – Cont… The PDO class defines a single method for quoting strings so that they can be used safely in queries. $m = $conn->quote($make); $q = $conn->query("SELECT sum(price) FROM cars WHERE make=$m"); Now that we have issued our query, we will want to see its results. As the query in the last example will always return just one row, we will want more rows. Again, the three databases will require us to call different functions on the $q variable that was returned from one of the three calls to mysql_query(), sqlite_query(), or pg_query(). So our code for getting all the cars will look similar to this:
- 13. Assume the query is in the $sql variable $sql = "SELECT DISTINCT make FROM cars ORDER BY make"; For MySQL : $q = mysql_query($sql); while($r = mysql_fetch_assoc($q)) { echo $r['make'], "\n"; } For SQLite : $q = sqlite_query($dbh, $sql); while($r = sqlite_fetch_array($q, SQLITE_ASSOC)) { echo $r['make'], "\n"; } And, finally, PostgreSQL : $q = pg_query($sql); while($r = pg_fetch_assoc($q)) { echo $r['make'], "\n"; }
- 14. Issuing SQL Queries – Cont… As you may already have guessed, things are pretty straightforward when it comes to PDO: We don't care what the underlying database is, and the methods for fetching rows are the same across all databases. So, the above code could be rewritten for PDO in the following way: mysql_fetch_array(), sqlite_fetch_array() without the second parameter, or pg_fetch_array().) $q = $conn->query("SELECT DISTINCT make FROM cars ORDER BY make"); while($r = $q->fetch( PDO::FETCH_ASSOC )) { echo $r['make'], "\n"; } Nothing is different from what happens before. One thing to note here is that we explicitly specified the PDO::FETCH_ASSOC fetch style constant here, since PDO's default behavior is to fetch the result rows as arrays indexed both by column name and number. (This behavior is similar to mysql_fetch_array(), sqlite_fetch_array() without the second parameter, or pg_fetch_array().)
- 15. Issue the query $q = $conn->query("SELECT authors.id AS authorId, firstName, lastName, books.* FROM authors, books WHERE author=authors.id ORDER BY title"); $books = $q->fetchAll(PDO::FETCH_ASSOC) ; foreach($books as $r) { ?> <tr> <td><a href="author.php?id=<?=$r['authorId']?>"> <?=htmlspecialchars("$r[firstName] $r[lastName]")?></a></td> <td><?=htmlspecialchars($r['title'])?></td> <td><?=htmlspecialchars($r['isbn'])?></td> <td><?=htmlspecialchars($r['publisher'])?></td> <td><?=htmlspecialchars($r['year'])?></td> <td><?=htmlspecialchars($r['summary'])?></td> </tr> <?php } ?>
- 16. Issuing SQL Queries – Cont… For example, MySQL extends the SQL syntax with this form of insert: INSERT INTO mytable SET x=1, y='two'; This kind of SQL code is not portable, as other databases do not understand this way of doing inserts. To ensure that your inserts work across databases, you should replace the above code with : INSERT INTO mytable(x, y) VALUES(1, 'two');
- 17. Error Handling Of course, the above examples didn't provide for any error checking, so they are not very useful for real-life applications. When working with a database, we should check for errors when opening the connection to the database, when selecting the database and after issuing every query. Most web applications, however, just need to display an error message when something goes wrong (without going into error detail, which could reveal some sensitive information). However, when debugging an error, you (as the developer) would need the most detailed error information possible so that you can debug the error in the shortest possible time. One simplistic scenario would be to abort the script and present the error message (although this is something you probably would not want to do).
- 18. Error Handling – Cont… Depending on the database, our code might look like this: For Sqlite $dbh = sqlite_open('/path/to/cars.ldb', 0666) or die ('Error opening SQLite database: ' . sqlite_error_string(sqlite_last_error($dbh)) ); $q = sqlite_query("SELECT DISTINCT make FROM cars ORDER BY make",$dbh) or die('Could not execute query because: '. sqlite_error_string(sqlite_last_error($dbh)) ); For PostgreSQL pg_connect("host=localhost dbname=cars;user=boss;password=password") or die('Could not connect to PostgreSQL: '. pg_last_error() ); $q = pg_query("SELECT DISTINCT make FROM cars ORDER BY make") or die('Could not execute query because: ' . pg_last_error() ); As you can see, error handling is starting to get a bit different for SQLite compared to MySQL and PostgreSQL. (Note the call to sqlite_error_string (sqlite_last_error($dbh)).)
- 19. Error Handling – Cont… PDO error handling Assume the connection string is one of the following: // $connStr = 'mysql:host=localhost;dbname=cars' // $connStr = 'sqlite:/path/to/cars.ldb'; // $connStr = 'pgsql:host=localhost dbname=cars'; try { $conn = new PDO($connStr, 'boss', 'password'); } catch(PDOException $pe) { die('Could not connect to the database because: ' . $pe->getMessage(); } $q = $conn->query("SELECT DISTINCT make FROM cars ORDER BY make"); if(!$q) { $ei = $conn->errorInfo(); die('Could not execute query because: ' . $ei[2]); }