Server-Side vs. Client-Side Execution
When linking databases and Web pages, most of the time
Server-side code
Embedded code with server-side execution
Why not client-side execution?
Clients are usually too far away
Servers should not trust the clients
Servers are designed to serve applications that might well
require a lot more horsepower
Disadvantage:
Server might be overloaded while clients sit idle
PHP Database APIs
Several API styles in PHP for connecting to a DB
a) According to programming paradigm:
Procedural database APIs
Deprecated mysql extension
mysqli improved extension, its procedural version
Object-oriented database APIs
PDOs (PHP Data Objects)
mysqli improved extension, its object-oriented version
PEAR::DB (written in PHP, not in C)
b) According to abstraction level to vendor databases:
Vendor-specific database APIs
mysql and mysqli extensions for MySQL, OCI8 for Oracle, etc.
Abstraction layer APIs (generic database APIs, i.e., vendor-neutral)
PDO
PEAR::DB
ODBC drivers approach
Vendor-Specific vs Generic APIs
A tradeoff is required when selecting between these two approaches
Vendor-specific APIs (mysql, mysqli, ..)
Pros: Complete functionality of a certain vendor db (say
MySQL, or Oracle, or Microsoft SQL, or DB2 IBM, or ..) covered
Cons: Extension to support other vendor db-s (say MySQL, or
Oracle, or Microsoft SQL, or DB2 IBM, or ..) incurs additional
development costs + learning new syntax
Generic APIs (PDO, PEAR::DB, ODBC)
Pros: Extension to other vendor db-s almost at no cost
Cons: Functionality of a certain vendor db incompletely
covered due to generalization (common layer)
Checking and Filtering Input Data
- is used to strip any whitespace
- is checked although it comes from an HTML -
sensible screen data
- when submitting user input to a database
- when returning data from a database
Setting Up a Connection
Nonpersistent connection
Closes when a script finishes execution, or through the function call
Since only a limited number of connections can exist at the same time
Persistent connections
Live longer than the script itself
To save connection/disconnection time and server overhead
In original deprecated version as
Retrieving the Query Results
- serves to encode characters with
special meanings in HTML, like '&', '<', '>', '"', etc.
Other Useful PHP–MySQL Functions (cont.)
Freeing up resources:
Example:
Creating databases:
Working with transactions:
See php.net for a complete list of mysqli functions
Other PHP Database APIs
A set of certain extension libraries available in PHP to connect to a specific vendor database:
OCI8 for Oracle
mssql for Microsoft SQL
PostgreSQL
IBM DB2
Informix
Sybase
MongoDB
SQLite
…
They all share common principles of connecting and querying
Differ slightly on functionality
If there is no support, i.e. no specific library available in PHP for a given database, use the generic ODBC functions
Open Database Connectivity - a standard for connections to databases
Limited functionality due to being designed to work with everything
Generic Database API: PEAR DB
Object-oriented
Offers database abstraction classes such as Metabase or PEAR::DB
PEAR::DB abstraction layer is the core component of PEAR
Vendor-neutral common abstraction layer
Same function names for each different type of database
Difference is basically syntactic, e.g.,
To connect:
where
To retrieve result rows:
Generic Database API: PDO
PDO stands for PHP Data Objects
Object-oriented
Vendor-neutral common abstraction layer
Same function names for each different type of database
Difference is basically syntactic, e.g.,
To connect:
To retrieve result rows:
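A minimal PDO session, as an added example that is not taken from the original slides: it connects, submits user input through a prepared statement, and HTML-encodes the rows on output. The in-memory SQLite DSN, the books table and the function names findByAuthor and renderRows are assumptions made for illustration.

```php
<?php
// Added example: constructed data, hypothetical table and function names.
// Only the DSN string is vendor-specific; the calls below stay the same
// for any other PDO driver.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE books (id INTEGER PRIMARY KEY, title TEXT, author TEXT)');

// Constructed sample rows, one containing HTML special characters.
$insert = $pdo->prepare('INSERT INTO books (title, author) VALUES (:title, :author)');
foreach ([['Tags <b> & "quotes"', 'Smith'], ['Plain title', 'Jones']] as [$title, $author]) {
    $insert->execute([':title' => $title, ':author' => $author]);
}

// Submitting user input: strip whitespace, then bind it as a parameter so
// it is always treated as data and never as part of the SQL text.
function findByAuthor(PDO $pdo, string $rawInput): array
{
    $stmt = $pdo->prepare('SELECT title, author FROM books WHERE author = :author');
    $stmt->execute([':author' => trim($rawInput)]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Returning data: encode HTML special characters before writing to the page.
function renderRows(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<li>'
            . htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . ' by '
            . htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8') . "</li>\n";
    }
    return $html;
}

// Constructed form inputs: a normal value with stray whitespace, and a
// value containing SQL metacharacters.
foreach (["  Smith \n", "x' OR '1'='1"] as $input) {
    $rows = findByAuthor($pdo, $input);
    echo count($rows), " row(s) for input ", var_export($input, true), "\n";
    echo renderRows($rows);
}
```

Because the second input is bound as a parameter, it is compared literally against the author column and matches no row.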