Secure Database Access

by Hieu H
Many PHP programmers have become accustomed to connecting to their databases, mainly MySQL, via direct calls. The most popular ways are to use the MySQL and MySQLi APIs. However, as of PHP 5.1, PDO (PHP Data Objects) was introduced as a third API. Since PHP has shifted towards being a more object-oriented language from its procedural beginnings, using the PDO class allows us to be more consistent in our methodologies. Some of the major benefits of using the PDO class instead of direct SQL calls include increased security and more streamlined code.

I think one of the most important benefits of using the PDO class over direct SQL calls is that it is database independent. The only thing you will need to change is the driver declaration in the connection string. This saves a lot of time on maintenance in the event that a different DBMS is used, because the programmer will not have to go back into the code to make additional changes.

In the past, we switched one of our internal programs from Oracle 10g to MySQL. The programmers had to comb through every snippet of code to change any database calls to match MySQL's syntax. It took over three weeks and four programmers to finish the migration. If the PDO class had been available at that time, three weeks' worth of productivity would have been saved, which translates to three weeks of highly paid salary saved.
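As an added illustration (not code from the original post or from the cited article), here is the same lookup written first as a direct MySQLi call that splices user input into the query string, and then as a PDO prepared statement; the `users` table, its columns, the DSNs and the credentials are assumptions.

```php
<?php
// Added example. Assumes a table `users` with columns `id`, `username`, `email`.

// 1) Direct call (MySQLi): the user-supplied value is concatenated into the
//    SQL text, so the server cannot distinguish data from query syntax.
//    This is the pattern that exposes the application to SQL injection.
function findUserDirect(mysqli $link, string $username)
{
    $sql = "SELECT id, email FROM users WHERE username = '" . $username . "'";
    $result = mysqli_query($link, $sql);
    return $result ? mysqli_fetch_assoc($result) : false;
}

// 2) PDO: the query text is sent once with a placeholder and the value is
//    bound separately, so it is always treated as data. The only back-end
//    specific part is the DSN handed to connect().
function connect(string $dsn, string $user, string $pass): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // fail loudly, never silently
        PDO::ATTR_EMULATE_PREPARES   => false,                  // let the server prepare the statement
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

function findUserPdo(PDO $pdo, string $username)
{
    $stmt = $pdo->prepare('SELECT id, email FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetch();
}

// Switching DBMS changes only the DSN (assumed hosts and placeholder credentials):
// $pdo = connect('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'REPLACE_ME');
// $pdo = connect('oci:dbname=//localhost:1521/XE',                 'app_user', 'REPLACE_ME');
// $user = findUserPdo($pdo, $_POST['username'] ?? '');
```

Bound parameters cover values only; table and column names, and any vendor-specific SQL functions, still have to be kept portable by hand when the goal is a painless migration between DBMSs.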

Way, J. (May 31, 2012). PHP Database Access: Are You Doing It Correctly? Retrieved October 1, 2012 from

4 thoughts on “Secure Database Access”

  • October 1, 2012 at 6:36 pm

    You made a unique choice of the article, very technical. It is good to hear your experience with switching from Oracle to MySQL database at work. Do you also use PHP for the web development?

    • October 7, 2012 at 9:24 pm

      Hi Dr. Zhang. Yes, I’ve used PHP for web development in the past, but am now transitioning a lot of my work to Ruby on Rails.

  • October 6, 2012 at 11:18 am

    I cannot agree with you more. As you said, this will definitely cut down on costs and time. I remember at my work when they were trying to update a certain program. It became clear quite quickly that independence is key in regards to systems. Instead of changing a few lines of code the programmers had to go through and change lines of code for each separate version of the program. Good post!

  • October 7, 2012 at 6:41 pm

    It’s awesome to see that there is technology out there that is developing to help save money and time for companies. I can only imagine the down time there is to a business when lines of code have to be scoured to make a transition. This article was very technical and although my knowledge is limited in this, I found it very interesting that there are so many advantages of using PDO versus SQL.
