Secure Database Access

Many PHP programmers have become accustomed to connecting to their databases, mainly MySQL, through driver-specific calls, most commonly the MySQL and MySQLi APIs. As of PHP 5.1, PDO (PHP Data Objects) was introduced as a third API. Since PHP has shifted from its procedural beginnings towards being a more object-oriented language, using the PDO class lets us be more consistent in our methodology. Two of the major benefits of using the PDO class instead of direct SQL calls are increased security and more streamlined code.

I think one of the most important benefits of the PDO class over direct SQL calls is that it is database independent: the only thing you need to change is the driver declaration in the connection string. This saves a lot of maintenance time if a different DBMS is adopted, because the programmer will not have to go back through the code to make additional changes.
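The two points above (one connection API across drivers, and queries that are safer than hand-built SQL strings) come together in one short script. The following is an added example written for this page, not code from the original post or from the cited tutorial; the DSN, the credentials, and the `users` table with `id` and `email` columns are assumptions for illustration.

```php
<?php
// Added example (not from the original post): connect through PDO and run a
// parameterized query. DSN, credentials, and the "users" table are assumed.
declare(strict_types=1);

// Switching DBMS means changing only this DSN; everything below stays the same.
// MySQL:  'mysql:host=127.0.0.1;dbname=app;charset=utf8mb4'
// SQLite: 'sqlite:/var/lib/app/app.db'   (assumed path)
$dsn    = 'mysql:host=127.0.0.1;dbname=app;charset=utf8mb4';
$dbUser = 'app_user';    // assumed credentials
$dbPass = 'change-me';

$pdo = new PDO($dsn, $dbUser, $dbPass, [
    // Raise exceptions instead of silently returning false on failure.
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    // Use real server-side prepared statements rather than client-side emulation.
    PDO::ATTR_EMULATE_PREPARES   => false,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

/**
 * Look up a user by e-mail address.
 *
 * The value originates from user input and is passed as a bound parameter,
 * so it is sent to the server separately from the SQL text and can never
 * change the structure of the query.
 */
function findUserByEmail(PDO $pdo, string $email): ?array
{
    $stmt = $pdo->prepare('SELECT id, email FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// The pattern PDO replaces, shown only for contrast (do not use):
//   $sql = "SELECT id FROM users WHERE email = '" . $_GET['email'] . "'";
// Here the input is spliced into the SQL text itself; with a bound parameter
// it is data only.

$email = $_GET['email'] ?? '';
$found = findUserByEmail($pdo, $email);
echo $found === null ? "No such user\n" : "Found user #{$found['id']}\n";
```

One caveat worth keeping in mind: PDO unifies the connection, statement, and parameter-binding API, which is what makes the driver swap a one-line change. It does not translate SQL itself, so queries that rely on a vendor's dialect (pagination syntax, date functions, sequences) still have to be reviewed when the DBMS changes.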

In the past, we switched one of our internal programs from Oracle 10g to MySQL. The programmers had to comb through every snippet of code to change any database calls to match MySQL's syntax. It took over three weeks and four programmers to finish the migration. If the PDO class had been available at that time, three weeks' worth of productivity would have been saved, which translates to three weeks of highly paid salary saved.

Way, J. (May 31, 2012). PHP Database Access: Are You Doing It Correctly? Retrieved October 1, 2012, from http://net.tutsplus.com/tutorials/php/php-database-access-are-you-doing-it-correctly.