www.supinfo.com

Copyright © SUPINFO. All rights reserved

PDO, PHP Data Object

Use a Database with PHP

Course objectives

Explain what is PDO.

Use PDO in a PHP project.

Manage Transactions with PDO.

Explain and use Prepared Statements.

At the end of this lesson you will be able to:

PDO, PHP Data Object

Course topics

Introduction.

Basics.

Transaction Management.

Prepared Statements.

Course plan:

PDO, PHP Data Object

Introduction

Why PDO ?

PDO, PHP Data Object

Preview

Before PDO…

… and now.

PDO Architecture.

Advantages.

Installation.

Here the chapters which we will approach:

Introduction

Before PDO…

PDO is only available since PHP 5.

In PHP 4, you must use one of native extension dedicated to database access :

mysqli for MySQL.

oci8 for Oracle.

…

Each extension provides different specific functions.

Need to change the code if you want to change the DBMS !

Not a good approach…

Introduction

…and now.

PDO is the main new feature of PHP 5.1.

Object Oriented extension :

Provides ease of use and greater abstraction.

A common base for all the DBMS connectors :

No more need to change the code when you want to change of DBMS.

Or almost…

Introduction

PDO ArchitectureIntroduction

PHP >= 5.1 PDO

PDOMySQL

PDOOracle

PDOSQL Server

PDO…

MySQL

Advantages

PDO is written in C language :

Similar performance as the old native drivers.

Optimization opportunities thanks to prepared statements.

Not available with the old MySQL extension.

PDO can execute all query types :

INSERT, UPDATE, DELETE, SELECT

Stored procedure.

Introduction

Installation

PDO and all the major drivers ship with PHP as shared extensions.

You simply need to activate them by editing the php.ini file :

If you use a PHP version < 5.3 :

Add or uncomment the following line :

For all PHP version :

Add or uncomment the following line :

Introduction

extension=php_pdo.so ;(ou .dll sous Windows)

extension=php_pdo_mysql.so ;(ou .dll)

Stop-and-thinkIntroduction

Do you have any questions ?

Basics

Connection to a Database, execute a query, …

PDO, PHP Data Object

Preview

Here the chapters which we will approach:

PDO Classes.

PDO Example.

Database connection.

Perform a query.

Retrieve results.

Fetch Styles.

Basics

PDO Classes

The three main PDO classes that we’ll used are :

PDO : the link to the Database.

PDOStatement : represent a statement and its results.

PDOException : the exception thrown when an error occurs.

Basics

PDO ExampleBasics

$user = 'root';$password = 'root';$dsn = 'mysql:host=localhost;dbname=example';

try { $pdo = new PDO($dsn, $user, $password);} catch (PDOException $e) { die("Error ! : ".$e->getMessage());}

$pdo->exec("INSERT INTO sample (col) VALUES ('val')");

$result = $pdo->query("SELECT col FROM sample");while($row = $result->fetch()) { print_r($row);}

$pdo = NULL;

Database connection The first thing to do is to create a PDO class instance.

The constructor take three parameters :

The DSN (Database Source Name) :

The information about the Database to use.

Example for a MySQL Database :

The Username to use to connect to the Database.

The Password of the account.

Create a PDO instance can throw an exception :

If the necessary driver is not loaded.

If the access is denied.

…

Basics

mysql:host=localhost;port=3306;dbname=example

Database connection

To use several Database, just create several PDO instance :

Basics

$user1 = 'root'; $password1 = 'root';$dsn1 = 'mysql:host=localhost;dbname=example1';

try { $pdo1 = new PDO($dsn1, $user1, $password1);} catch (PDOException $e) { die(); }

$user2 = 'root';$password2 = 'root';$dsn2 = 'mysql:host=localhost;dbname=example2';

try { $pdo2 = new PDO($dsn2, $user2, $password2);} catch (PDOException $e) { die(); }

Perform a query

Once your connection is open, you can execute query thanks to two methods of PDO instance :

int exec ( string $statement ) :

Executes an SQL statement in a single function call, returning the number of rows affected by the statement.

PDOStatement query ( string $statement ) :

Executes an SQL statement in a single function call, returning the result set (if any) returned by the statement as a PDOStatement object.

Basics

Perform a queryBasics

SQL Statement PDO method

INSERT exec()

UPDATE exec()

DELETE exec()

SELECT query()

EXPLAIN query()

SHOW query()

DESC query()

Retrieve results After a call to the method query() retrieved data are kept in

memory, inside a PDOStatement instance.

The two main methods to manipulate this data are :

array fetchAll( [ $fetch_style=PDO::FETCH_BOTH] )

Returns an array containing all of the result set rows.

mixed fetch( [$fetch_style=PDO::FETCH_BOTH] )

Fetches a row from a result set associated with a PDOStatement object.

The fetch_style parameter determines how PDO returns the row.

Basics

Retrieve results

The fetchAll() method returns all the data in an array.

Very easy to use !

But not advisable if query return a large number of result !

In that case, fetch() method is the best choice !

Basics

Retrieve resultsBasics

$sql = "SELECT login, password FROM users";$sth = $pdo->query($sql);$result = $sth->fetchAll(PDO::FETCH_ASSOC);

foreach($result as $row) { echo $row['login'].'-'.$row['password'].'<br/>';}

$sql = "SELECT login, password FROM users";$sth = $pdo->query($sql);

while($row = $sth->fetch(PDO::FETCH_ASSOC)) { echo $row['login'].'-'.$row['password'].'<br/>';}

Fetch all example :

Sequential fetch example :

Fetch StylesBasics

VALUE ACTION

PDO::FETCH_ASSOCReturns an array indexed by column name as returned in your result set.

PDO::FETCH_NUMReturns an array indexed by column number as returned in your result set, starting at column 0.

PDO::FETCH_BOTHReturns an array indexed by both column name and 0-indexed column number as returned in your result set.

PDO::FETCH_OBJ

Returns an anonymous object with property names that correspond to the column names returned in your result set.

PDO::FETCH_CLASS

Returns a new instance of the requested class, mapping the columns of the result set to named properties in the class.

Fetch StylesBasics

$sql = "SELECT login, password FROM users";

$sth = $pdo->query($sql);$result = $sth->fetchAll(PDO::FETCH_ASSOC);print_r($result);

Array( [0] => Array ( [login] => Plop [password] => 1234 ))

PDO::FETCH_ASSOC :

Fetch StylesBasics

$sql = "SELECT login, password FROM users";

$sth = $pdo->query($sql);$result = $sth->fetchAll(PDO::FETCH_BOTH);print_r($result);

Array( [0] => Array ( [login] => Plop [0] => Plop [password] => 1234 [1] => Plop ))

PDO::FETCH_BOTH :

Fetch StylesBasics

$sql = "SELECT login, password FROM users";

$sth = $pdo->query($sql);$result = $sth->fetchAll(PDO::FETCH_OBJ);print_r($result);

Array( [0] => stdClass Object ( [login] => Plop [password] => 1234 ))

PDO::FETCH_OBJ :

Last Insert ID When you insert a new row inside a table, you often let

the DBMS generate the primary key.

You can retrieve the last generated ID thanks to the instance method of PDO :

string lastInsertId ([ string $name = NULL ]) :

If a sequence name was not specified for the name parameter, returns a string representing the row ID of the last inserted row.

Else, returns a string representing the last value retrieved from the specified sequence object.

Basics

$sql = "INSERT INTO users (login, password) VALUES ('john.doe', 'Plop')”;

$pdo->exec($sql);echo $pdo->lastInsertId();// Display the last generated ID

Stop-and-thinkBasics

Do you have any questions ?

ExercisesBasics

Now, you know how to use Database in PHP !

Create two new classes :

PdoUserManager implements UserManager interface.

PdoPostManager implements PostManager interface.

Implement methods using PDO and a MySQL Database.

Update your PHP page to use your new managers instead of the old ones.

They are no register method for now, so add an user directly in Database with a MySQL browser like phpMyAdmin.

Transaction Management

Commit, Rollback & cie.

PDO, PHP Data Object

Preview

Here the chapters which we will approach:

Presentation.

Case Study.

Provided methods.

Example.

Transaction Management

Presentation

Transaction is useful when you want defined a unified set of queries.

If they all succeed, changes are applied.

If one fails, no changes are applied.

We name commit the operation that applied changes in Database.

Transaction Management

Case study

For instance, transactions are very important in banking applications :

Imagine a bank transfer.

The operation is in two steps :

Withdraw money of one account.

Add it to an other.

Imagine each step is a Database query.

What happen if the second query failed ? Where is the money ?

Transaction Management

Provided methods

PDO instances provide three methods to manage transactions :

bool beginTransaction ( void ) :

Turns off auto-commit mode and so, changes made to the database via the PDO object instance are not committed until you end the transaction.

bool commit ( void ) :

Commits a transaction, returning the database connection to auto-commit mode.

bool rollBack ( void ) :

Rolls back the current transaction, returning the database connection to auto-commit mode.

Transaction Management

ExampleTransaction Management

// Define to PDO to generate errors as exceptions$pdo->setAttribute(PDO::ATTR_ERRMODE,

PDO::ERRMODE_EXCEPTION);$pdo->beginTransaction();try { $sql1 = "INSERT INTO author (firstname, lastname)

VALUES ( 'Clark', 'Kent' )"; $pdo->exec($sql);

$sql2 ="INSERT INTO article(title, body, author_id)VALUES('Plop', '...',".$pdo->lastInsertId().")";

$pdo->exec($sql2);

$pdo->commit();} catch (Exception $e) { $pdo->rollBack(); echo ”Error: ".$e->getMessage();}

Stop-and-thinkTransaction Management

Do you have any questions ?

Prepared Statement

Improved your queries.

PDO, PHP Data Object

Preview

Here the chapters which we will approach:

Presentation.

Execution Cycle.

Parameterized Prepared Statements.

Provided methods.

Example.

Prepared Statement

Presentation

Many of the more mature databases support the concept of prepared statements.

A prepared query only needs to be parsed (or prepared) once, but can be executed multiple times with the same or different parameters.

The database will analyze, compile and optimize it's plan for executing them.

Avoid repeating the analyze/compile/optimize cycle.

Protects against SQL injection.

This means that prepared statements use fewer resources, run faster and are more secure !

Prepared Statement

Execution CyclePrepared Statement

Analyze

Compile

Optimize

Run

Classic Statement or

first execution cycle of a prepared statement.

Next execution cycle for a prepared statement.

Parameterized Prepared Statements

A parameterized prepared statement is a prepared statement that you can define parameters.

Two types of parameterized prepared statements :

With ordered parameters :

With named parameters :

You can’t make a prepared statement mixing the two types of parameters.

Prepared Statement

$sql = "INSERT INTO users (login, password) VALUES (?, ?)”;

$sql = "INSERT INTO users (login, password) VALUES (:login, :password)”;

Provided methods

Once your statement is ready, you need to provide it to your DBMS.

To do that, you must use the following instance method of PDO class :

PDOStatement prepare ( string $statement ).

Prepared Statement

$sql = "INSERT INTO users (login, password) VALUES (?, ?)”;

$statement = $pdo->prepare($sql);

Provided methods

Once your statement is prepare, you can use it !

To define the statement parameters, you have two ways :

Passing them in parameters of the execute() instance method of PDOStatement.

Use the bindValue() instance method of PDOStatement.

Prepared Statement

Example passing parameters to execute() :

ExamplePrepared Statement

$sql = "INSERT INTO author (firstname, lastname) VALUES ( :firstname, :lastname )";

$statement = $pdo->prepare($sql);

$firstname = 'John';$lastname = 'Doe';

$statement->execute( array(':firstname' => $firstname,

':lastname' => $lastname)

);

Example using bindValue() :

ExamplePrepared Statement

$sql = "INSERT INTO author (firstname, lastname) VALUES ( :firstname, :lastname )";

$statement = $pdo->prepare($sql);

$firstname = 'John';$lastname = 'Doe';

$statement->bindValue(':firstname', $firstname);$statement->bindValue(':lastname', $lastname);

$statement->execute();

Stop-and-thinkPrepared Statement

Do you have any questions ?

Exercises (1/5)Prepared Statements

The code to create a new PDO instance inside your both managers are the same…

Maybe you have defined your Database information inside each of them ?

Very bad !

Imagine you want to change your Database ?

You should update each manager…

Remember : D(on’t) R(epeat) Y(ourself) !

Exercises (2/5)Prepared Statements

Create a new abstract class named AbstractPdoManager:

Define each of your connection parameters as a constant inside it.

Define a constructor that use this parameters to create a PDO instance.

Keep it into a protected instance variable.

Update your managers to extends this class and use his instance variable.

After that, you’ll DRY !

Exercises (3/5)Prepared Statements

Now you now that Prepared Statements are more secure and more efficient.

Update your managers to use Prepared Statements.

Exercises (4/5)Prepared Statements

Create the new domain class Comment :

With attributes :

id : an unique identifier.

body : the content of the comment.

post : the post where the comment has been posted.

user : the author of the comment if authenticated when the comment was posted.

publicationDate : the publication date of the comment.

With just getters and setters as instance methods.

Exercises (5/5)Prepared Statements

Update the Post class :

Add a new attributes named comments.

It represents the comments of the post.

Add a getter and a setter for that attribute.

Update the PdoPostManager to return Posts with their comments.

Create a new interface named CommentManager and an implementation named PdoCommentManager with :

addComment($body, $post, $user) method.

Update the display post page :

Add a form to post a comment.

Display the comments linked to the current post inside the display post page.

Prepared Statements

DBMS Query

PDO advantages

Summary of the Module

Transactions

PDO, PHP Data Object

For more

Publications

Web sites

If you want to go into these subjects more deeply, …

PDO, PHP Data Object

http://php.net/

http://www.nexen.net/

http://www.zend.com/

PHP 5 avancé

5e édition.Éric DASPET

Cyril PIERRE DE GEYER

Available on Cyberlibris.

http://library.supinfo.com/BookDetails.aspx?type=cyberlibris&docid=40001068

http://www.siteduzero.com/tutoriel-3-34790-pdo-interface-d-acces-aux-bdd.html