venessa Posted June 12, 2013

Hello, I've followed the whole series of Log in and registration system on the phpacademy channel on YouTube: http://www.youtube.com/playlist?list=PLE134D877783367C7

After reading some comments and doing some research I found that it uses md5 and the old mysql_ functions, which for some reason are 'deprecated' or not secure. I'm still not sure. Also, after doing some searching I came across: http://www.sunnytuts.com/article/login-and-registration-with-object-oriented-php-and-pdo which is another tutorial that is quite similar to the one on phpacademy, but it uses PDO and object-oriented programming and bcrypt instead of md5().

The problem is that I don't know OOP and I use procedural programming. So is it worth learning OOP and using bcrypt() instead of md5() or PDO instead of mysql? I mean, am I OK with using the code from phpacademy, or do I need to follow the other one and also learn OOP?

Thank you very much.

kicken Posted June 12, 2013

You should learn to use PDO or Mysqli. Mysqli has a procedural style interface if you want to hold off on OOP for a bit longer.

Also, you should use something other than md5 for hashing passwords. MD5 is weak to collision attacks and also a fast algorithm, which means it is easy for an attacker to run through possible hashes very quickly.

boompa Posted June 12, 2013 (Solution)

It is also important that you learn to use PDO with prepared statements, as these prevent SQL injection attacks. For a good password encryption library, I suggest the use of password_compat, which is forward-compatible with the upcoming PHP 5.5.
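
The following is an added example, not part of any post in this thread: a procedural sketch of the two recommendations above, using PDO prepared statements and the `password_hash()` / `password_verify()` / `password_needs_rehash()` functions that password_compat provides and PHP 5.5 builds in. It also shows one way to move rows left over from an md5()-based system to bcrypt at login. Assumptions: the `users` table, its columns, the function names and the sample credentials are hypothetical, the `pdo_sqlite` extension is available, and `hash_equals()` requires PHP 5.6 or later.

```php
<?php
// Added example, procedural style. Table, columns and credentials are constructed.
function register_user(PDO $db, $username, $password) {
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
    $stmt = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (:u, :h)');
    return $stmt->execute([':u' => $username, ':h' => $hash]);
}

function login_user(PDO $db, $username, $password) {
    // The username is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    $stored = $row['pw_hash'];
    // A row left over from an md5()-based system is exactly 32 hex characters.
    $legacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    $ok = $legacy ? hash_equals($stored, md5($password))
                  : password_verify($password, $stored);
    if (!$ok) {
        return false;
    }
    // The plaintext is available only at login, so upgrade weak hashes here.
    if ($legacy || password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => 10])) {
        $new = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
        $upd = $db->prepare('UPDATE users SET pw_hash = :h WHERE id = :id');
        $upd->execute([':h' => $new, ':id' => $row['id']]);
    }
    return true;
}

// In-memory SQLite so the example runs without a database server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');

register_user($db, "o'brien", 'correct horse');  // the quote needs no escaping
// Constructed legacy row, stored the way an md5()-based tutorial would store it.
$db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)')
   ->execute(['bob', md5('hunter2')]);

var_dump(login_user($db, "o'brien", 'correct horse'));
var_dump(login_user($db, "o'brien", 'wrong password'));
var_dump(login_user($db, 'bob', 'hunter2'));      // legacy hash accepted, then replaced
$h = $db->query("SELECT pw_hash FROM users WHERE username = 'bob'")->fetchColumn();
var_dump(strpos($h, '$2y$') === 0);               // checks the stored hash is now bcrypt
```

Against MySQL only the DSN passed to `new PDO(...)` changes; the prepared statements and the hashing calls stay the same.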

venessa Posted June 12, 2013 (Author)

Thank you very much for your replies. I think I should finally learn PDO and also OOP; I found some really good tutorials for them.

Also, thank you very much for the password_compat link, but the other tutorial that I'm going to follow uses bcrypt(). Do you think that is fine or should I use the password_compat code that you linked? I mean I know I have to use PDO but is bcrypt() fine to use or do I have to change the code from bcrypt() to password_compat after I have completed that tutorial?

Thanks again for the help.

kicken Posted June 12, 2013

> I mean I know I have to use PDO but is bcrypt() fine to use or do I have to change the code from bcrypt() to password_compat after I have completed that tutorial?

That library does use the bcrypt algorithm; it just wraps up some of the complexities behind using it into convenient functions, making it simple to use.

rwhite35 Posted June 13, 2013

I'll use OOP style when I have a repetitive pattern that will be used on multiple pages. One way to think of classes would be functions on steroids. A popular choice for OOP is database connection and query, where the connection and query machinery are contained inside a class. Then you can pass the class parameters specific to a page's data pull. The result back is an object (array or value) that can be manipulated and accessed like an array or variable.

Another use to try when learning OOP is HTML form generation. If you have a multi-step process and want to present specific fields to certain users, a simple form class for each user is handy. There are a lot of OOP tutorials out there, especially for database interaction.

Good luck!

Strider64 Posted June 13, 2013

I'll add my .05 cents to the conversation. While I'm starting to learn OOP the right way, I believe I am on the right track for I have read a couple of books, watched tutorials and of course visit forums on OOP, I have found the following:

1. You don't need to write OOP style for small projects; the procedural way is just fine.
2. You can write OOP style for simple chores like writing a connection script to a database without having to know OOP. It doesn't mean that you know OOP, it just means that for that particular section of code you can have working code. Php.net is a very good source for finding out how to write those kinds of scripts.

Like I said, to learn PHP code, find a good recent book on OOP and start reading and following the examples.

Irate Posted June 13, 2013

You should use OOP when you have the same pattern you need to execute multiple times - for example, I recently wrote a class that reads input and a file to produce automated HTML files.

MySQLi classes are very handy as you just need to declare mysqli once, for example,

    $mysqli = new mysqli($host, $user, $password /* all others are optional */ /*, $database and some more */);

You can then use methods of the mysqli class, like $mysqli->query("SELECT * FROM ..."); or $mysqli->real_escape_string($_POST['query']);, you name it.

venessa Posted June 13, 2013 (Author)

Thank you so much for all your replies. Currently I am reading the book Programming PHP from O'Reilly, published in 2013, which is quite comprehensive. I've decided to bite the bullet and learn OOP and PDO and follow the other tutorial instead. But again, thanks a lot for your help.