chesse18

  1. I can get on board with that. Despite many telling you that you shouldn't use jQuery anymore, I still use it, as it does have its usefulness. And actually, if you know how to use jQuery properly, you WILL write 30-40% less code, that does the exact same thing. I don't use it heavily, however I do use it. For larger projects I use Node.js anyway, so for simple projects like this one, IMO it's best not to overcomplicate it. Just sweet old HTML/CSS, PHP, JavaScript/jQuery. Also, I use VSCode for an IDE, and there's an extension for SCSS/SASS that will watch for SCSS/SASS updates, and automatically transpile it for you into CSS, which is MUCH quicker than manually running a compile command. SCSS is something I'll probably be using on every project I take on until there's a better alternative, so far SCSS has been a life saver and made CSS much more enjoyable. Anyway, also getting off topic, but yes, I also prefer native or at least close to native-level language usage on simple apps/sites. Like I stated above, if this were a JS question, what would be the point in using React to build a static 5 page website that probably won't get updated for years besides maybe a few images? Lots of very small businesses have web apps like this. I mean, yeah... it'd probably be quicker to write up said app in React, but it would be pointless, when simple native HTML/CSS/JS works and IMO is much easier to read unless you're doing a massive project.
  2. As for the first part of this, it was mostly just me getting butthurt, TBH--a couple years ago, when I was completely new to PHP, and also SO--I had asked a couple of questions that, in hindsight, were pretty stupid. They were clear and concise, which wasn't the issue, but they were just stupid, simple things that probably didn't need asking (like how to hash a file name when working with directories, yes, I had a use case for it). However, a couple of years later, after not really asking any questions and having minimal usage/activity on SO, I come back to find that I was blocked from asking questions. I found it useless to go back and edit them to be better questions, and wait and PRAY for someone to find such old questions in order to gain back the posting permission, so I simply deleted them, in hopes that maybe it would clear the block after a bit. Turns out, I was dead wrong, as after deleting 2 of them, the site figured out what I was doing while mass deleting old questions of mine, and gave me a prompt, "You sure you want to delete this question? Deleting this question will not give you back posting privileges" or something along those lines. I deleted them anyway and moved on. Also, the class I'm using does have a constructor for the connection, I honestly don't know why I changed it for the code example but it's there and works. Also, as for the "simplest queries possible", yes, that's perfectly fine. The app I'm building doesn't have a lot of functionality, and really only needs simple INSERT, UPDATE, or SELECT queries. Anything more than that, and this code would be much different. I also want to mention that regardless of PDO or mysqli, for me, using a class, albeit a very basic one, is perfectly fine for this use-case; it's better than simply re-writing thicker code blocks, plus, while it could just as easily be done with a simple function, I get more control over it, regardless.
Also, as for the rest, yes they're useful in most cases, but I really don't "need" them. This project isn't a massive business website where I've got complicated queries or functionality. Literally the most complicated part of this site is form handling on inventory, which in itself is not difficult at all. I personally see zero benefit from running composer or anything else like I would on a larger scale project, you wouldn't use React to develop a static 5 page website now would you? Same concept here. My goal here is simply to compress my already current code base, which I have managed to do now, managing to get my entire function library compressed into 6 classes. However I do appreciate the advice. Just seems very unnecessary. However PDO on the other hand I will be delving into and switching my code base over to that from now on because I do however see the benefit of that.
  3. Thank you. I've honestly solely used mysqli forever since I've been doing backend (few years), but I think you've convinced me to start using PDO > mysqli. Until now I just didn't realize there was actually any benefit from it, and had just assumed it was simply another method of doing it, rather than something actually better than. Would either of you happen to have a good resource/link or documentation for proper use of PDO/prepared statements and the use of proper PDO queries, so I don't get misconstrued? Based on your reply, it seems that the majority of "tutorials" or guides and other resources don't cover essential bits and pieces of information that could possibly lead to insecure or downright wrong methods of using PDO. If I'm going to start using PDO I want to do it properly and not like some newbie beginner.
  4. Is PDO even that safe compared to mysqli prepared statements? Or in reality, is there really any difference security-wise? Because, I've seen some PDO code, and while yes the above code is much more complex... for simple SQL queries, every PDO script I've seen that does the same exact thing as something I'd write with prepared statements looks way messier, at least visually/readability-wise. I've also looked around and seen that while PDO is preferred, there really aren't any security benefits from it over PROPER mysqli prepared statements. So, what other benefits would you really gain from using PDO over mysqli PS? Besides the simpler WAY to write it, at least to me it doesn't seem cleaner, despite being simpler, yes, but I could definitely be wrong. Interested in your input on this.
  5. Wow, that's actually extremely helpful. I feel very stupid for not realizing that was an obvious solution. This will also definitely help when creating a method for inserting data into the database. I'm all about trying to have neat and clean code, and I'm also a firm believer of class/method programming rather than functional programming... at least in PHP. You end up with too much of the exact same code written everywhere... I've found with PHP especially it's best to have the least amount of code do the most amount of work. Typical of all programming, however IMO it's extremely important in PHP in general.
  6. I would try to help but it's difficult to make sense of the structure of your code there... Also, in the original post, those are not prepared statements.
  7. Hey guys, new here. (I got blocked on Stack Overflow because of downvote trolls ruining my rep after building it up). So, I'm curious if you can pass multiple variables through a method or function, without using an array. For example, a function that calls another function; for example, the reason I'm trying to use this is to make a Database() class, so I can cleanly, easily, and more elegantly talk to my database. In the ...bind_param() function, it takes these arguments in order:

         ...bind_param($stmt, $typeDefString, ...list of variables here...);

     For example, take a look at the code I have written below (irrelevant pieces of code are not included to save space):

         <?php
         class Database {
             // Properties
             public $conn;
             public $query = "";
             public $typeString = "s";
             public $selVarArray;
             private $selResult;

             // Methods
             function startConnection($conn) {
                 $this->conn = $conn;
             }

             function prepareSelect($query, $typeString, $selVars) {
                 $this->query = $query;
                 $this->typeString = $typeString;
                 $this->selVars = $selVars;
             }

             function selectFromDb() {
                 //... Some code for setting up mysqli statement
                 if ($this->selVars !== null) {
                     mysqli_stmt_bind_param($stmt, $this->typeString, $this->selVars);
                 }
                 //.. Some code to execute query and fetch mysqli result, then this:
                 $this->selResult = $result; // Sets $selResult property for later use
             }

             function fetchMultiple($functionToRun) {
                 if ($this->selResult->num_rows > 0) {
                     while ($row = $this->selResult->fetch_assoc()) {
                         $functionToRun($row);
                     }
                 }
             }

             function fetchSingle($functionToRun) {
                 if ($this->selResult->num_rows > 0) {
                     $row = $this->selResult->fetch_assoc();
                     $functionToRun($row);
                 }
             }
         } // End of class

     The above code is the (relevant parts of) my Database() class. Below is my test case page, and how I go about using this class to select database items:

         <?php
         // This is just a test case, in this example it would be to grab and display the user's email address and phone number.
         $id = 14;
         $name = "Mary";
         $sel = new Database();
         $sel->startConnection($conn); // Initializes connection to database
         $sel->prepareSelect("SELECT userEmail, userPhone FROM users WHERE userID=? OR userName=?;", "is" /* <-- typeDefString*/, [$id, $name]);
         $sel->selectFromDb(); // <-- Doesn't require any arguments
         $sel->fetchMultiple(function($row) {
             // Code to control/display data to page here
             echo 'Your email: '.$row["userEmail"].' Your Phone Number: '.$row["userPhone"];
         });

     Now, allow me to clarify my question now that I have an example and relevant use case for it. In the prepareSelect() method, I need to pass through (in order): $query, $typeDefString, $listOfVars. NOW, this code works perfectly fine, if you pass through only one variable (or none, in cases of not needing to use ...bind_params() in which I can set $listOfVars null). The issue is, if you need to pass through multiple variables, which the global ...bind_params() function is able to take any number of variables there and they later get translated into where the ? marks are in the query, if you know how prepared statements work, you know what I'm talking about. HOWEVER, passing through an array into prepareSelect() (which then gets passed into ...bind_params() ), is not valid. The only argument definition that can be passed through ...bind_params() in that spot are variables, otherwise I'd simply use implode() with string values, but that kind of defeats the point/purpose of the security of prepared statements, even if it let you use string values there. Also, they have to be in list form, like this:

         ...bind_params($stmt, $typeDefString, /* List of vars, can be any number of them --> */ $varOne, $varTwo, $varThree, $varFour, $etc);

     So, I guess what I'm asking is... is it possible, and if it is possible, how can I allow the 3rd argument in my prepareSelect() method, pass through a varying number of variables, into ...bind_params(), in list form?

     I hope I have been clear enough to have this question make sense. If you need any other info, please feel free to ask. If you have a solution or method, please let me know!
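
An added example (not part of the original post, and not the poster's code): one way to forward a varying number of values into bind_param() is PHP's argument unpacking operator (`...`), which keeps every value bound as a parameter instead of being joined into the SQL string. `selectRows()` is a hypothetical helper and the connection credentials are placeholders; the query and `users` table are the ones from the post.

```php
<?php
/**
 * Run a parameterised SELECT and return all rows (hypothetical helper).
 * $types is the mysqli type string, one of "i", "d", "s", "b" per placeholder;
 * the values follow as a variable-length argument list.
 */
function selectRows(mysqli $conn, string $query, string $types = "", ...$params): array
{
    // One type character per bound value, and only the four mysqli accepts.
    if (strlen($types) !== count($params) || !preg_match('/^[idsb]*$/', $types)) {
        throw new InvalidArgumentException("type string does not match the bound values");
    }

    $stmt = $conn->prepare($query);
    if ($params !== []) {
        // "..." unpacks the array into separate arguments, which is the
        // list form bind_param() expects.
        $stmt->bind_param($types, ...$params);
    }
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // get_result() needs mysqlnd
    $stmt->close();
    return $rows;
}

// Make mysqli throw exceptions on errors instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Placeholder credentials (assumptions, not from the post).
$conn = new mysqli("localhost", "app_user", "app_password", "app_db");
$conn->set_charset("utf8mb4");

$id = 14;
$name = "Mary";
$sql = "SELECT userEmail, userPhone FROM users WHERE userID=? OR userName=?";

// Values passed one by one...
$rows = selectRows($conn, $sql, "is", $id, $name);

// ...or an existing array unpacked at the call site.
$vars = [$id, $name];
$rows = selectRows($conn, $sql, "is", ...$vars);

foreach ($rows as $row) {
    // Escape on output: stored values are untrusted when rendered as HTML.
    echo 'Your email: ' . htmlspecialchars((string) $row["userEmail"])
        . ' Your phone number: ' . htmlspecialchars((string) $row["userPhone"]) . PHP_EOL;
}
```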