PDO - best practice

Question

extjac 0 Newbie Poster

12 Years Ago

Hi there, happy new year to all!

I started using PDO few weeks ago, and I am trying to figure out what is the best way to use it....I just put 3 samples bellow and I was hoping you can tell me what is the most secure and professional way of using it.

<?
//db Connection
$db = new PDO("mysql:host=$db_host;dbname=$db_name",$db_user,$db_pass);

class account 
{ 
	function __construct()
	{
	global $db;	
	$this->db = $db;
	}
	
	
	function getRecord($account_id) 
	{ 
	$sql = "SELECT * FROM accounts WHERE account_id=".mysql_real_escape_string($account_id);
	$rs	 = $this->db->query($sql) or die("failed!");		
		while($row = $rs->fetch(PDO::FETCH_ASSOC)){
			$result[] = $row;
		}
	return $result;
	} 
}
$Account = new account();

// * 
// * OR
// *

class account 
{ 
	function __construct()
	{
	}
	
	function getRecord($account_id) 
	{ 
	global $db;	
	$sql = "SELECT * FROM accounts WHERE account_id=".mysql_real_escape_string($account_id);
	$rs	 = $this->db->query($sql) or die("failed!");		
		while($row = $rs->fetch(PDO::FETCH_ASSOC)){
			$result[] = $row;
		}
	return $result;
	} 

}
$Account = new account();

// * 
// * OR
// *

class account 
{ 
	function __construct($db)
	{
	$this->db = $db;		
	}
	
	function getRecord($account_id) 
	{ 
	$sql = "SELECT * FROM accounts WHERE account_id=".mysql_real_escape_string($account_id);
	$rs	 = $this->db->query($sql) or die("failed!");		
		while($row = $rs->fetch(PDO::FETCH_ASSOC)){
			$result[] = $row;
		}
	return $result;
	} 
}
$Account = new account($db);
?>

php

4 Contributors
3 Replies
184 Views
19 Hours Discussion Span
Latest Post 12 Years Ago Latest Post by Stefano Mtangoo

Stefano Mtangoo 455 Senior Poster

12 Years Ago

Last one is the best plus, use parametric queries (Bind/execute)

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster · Answer 1 · 2012-01-03T23:45:08+00:00

The last one is IMHO the right way to do it. Since you are using classes, there should be no need for globals. Passing you DB class in the constructor for account is valid.

diafol · Answer 2 · 2012-01-04T02:54:03+00:00

I use the last one too. Dunno if it's the best method though.