
First Database Class, Critique Request


mdvaldosta


I'm starting to work with objects and with prepared statements for database interaction, and I wrote a class to use in a current project. I'd like input on how I could improve it and whether it's efficient — for example, whether doing it this way closes the database connection as expected and whether I'm binding everything properly. I'm also concerned about security: binding variables is supposed to be safe, but I'm still uneasy about not sanitizing POST and GET before using them.

 

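class DatabaseFunctions
{
    /** @var mysqli Connection opened in the constructor and closed in the destructor. */
    protected $_dbc;

    /** @var mysqli_stmt|false|null Statement currently being prepared/executed (false if prepare() failed). */
    protected $_stmt;

    /** @var int|null Return value of the last printf() in getCategoryListDropDown(). */
    protected $_result;

    /**
     * Opens the database connection when the object is created.
     *
     * The original `new mysqli(...) or die(...)` could never fire: `or` binds
     * looser than `=`, so the expression tested the (always truthy) assignment,
     * and mysqli does not return false on failure anyway. Failure is now
     * detected through connect_error and reported as an exception.
     *
     * @throws RuntimeException if the connection cannot be established
     */
    public function __construct()
    {
        $this->_dbc = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

        if ($this->_dbc->connect_error !== null) {
            throw new RuntimeException(
                'Could not connect to the database: ' . $this->_dbc->connect_error
            );
        }
    }

    /**
     * (add.php) Prints the category <option> list used to populate the add form's dropdown.
     *
     * Output is written directly with printf(). The return value is the byte count
     * reported by the last printf() call (or the previous value of $_result if
     * nothing was printed), so callers must not echo it.
     *
     * @return int|null
     */
    public function getCategoryListDropDown()
    {
        $this->_stmt = $this->_dbc->prepare('SELECT feed_id, title FROM feeds');
        if ($this->_stmt === false) {
            return $this->_result;
        }

        if ($this->_stmt->execute()) {
            $this->_stmt->bind_result($feed_id, $title);

            $format = '<option value="%d">%s</option>';
            while ($this->_stmt->fetch()) {
                // Titles are stored data that may contain markup; escape for the HTML context.
                $this->_result = printf(
                    $format,
                    $feed_id,
                    htmlspecialchars((string) $title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                );
            }
        }

        // Free the statement's resources whether or not execute() succeeded.
        $this->_stmt->close();

        return $this->_result;
    }

    /**
     * (add.php) Inserts the values submitted from the add.php form as a new item.
     *
     * Every value goes through bind_param(), so nothing is interpolated into the
     * SQL text; that addresses SQL injection but not output encoding, which is the
     * reader's job when the data is displayed. Missing request fields are bound
     * as NULL (the behaviour of the original undefined-index reads, minus the notices).
     *
     * @return bool true if the INSERT executed, false if prepare() or execute() failed
     */
    public function submitAddData()
    {
        // Read the request first so the bound variables are defined before execute().
        $url = isset($_GET['url']) ? (string) $_GET['url'] : null;
        $title = isset($_POST['title']) ? (string) $_POST['title'] : null;
        $description = isset($_POST['description']) ? (string) $_POST['description'] : null;
        // feed_id is an integer key; the original bound it as 'd' (double).
        $feed_id = isset($_POST['category']) ? (int) $_POST['category'] : null;

        $this->_stmt = $this->_dbc->prepare(
            'INSERT INTO items (id, url, title, description, time, feed_id) VALUES (NULL, ?, ?, ?, NOW(), ?)'
        );
        if ($this->_stmt === false) {
            return false;
        }

        $this->_stmt->bind_param('sssi', $url, $title, $description, $feed_id);
        $executed = $this->_stmt->execute();
        $this->_stmt->close();

        return $executed;
    }

    /**
     * Closes the database connection when the object is destroyed.
     */
    public function __destruct()
    {
        // Only close a connection that was actually established; closing a failed
        // mysqli handle emits a warning.
        if ($this->_dbc instanceof mysqli && $this->_dbc->connect_errno === 0) {
            $this->_dbc->close();
        }
    }
}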


Don't wrap an object around an object; either use it directly or extend it.

 

/**
 * Feed data access built directly on the MySQLi connection (extend, don't wrap).
 */
class FeedManager extends MySQLi
{
    /**
     * Builds the category list. Stub: the query logic and `return $categoryList;` go here.
     */
    public function getCategoryList()
    {
        /* logic, return $categoryList; */
    }
}

/**
 * Item data access built directly on the MySQLi connection.
 */
class ItemManager extends MySQLi
{
    /**
     * Adds an item described by $config. Stub: the insert logic goes here.
     */
    public function add($config)
    {
        /* logic */
    }
}

/**
 * Presentation object for a <select> dropdown; keeps rendering out of the data classes.
 */
class DropDownWidget
{
    /**
     * Accepts the widget configuration. Stub: the setup logic goes here.
     */
    public function __construct($config = array())
    {
        /* logic */
    }

    /**
     * Renders the dropdown markup. Stub: the rendering logic goes here.
     */
    public function render()
    {
        /* logic, renders the dropdown */
    }

    /**
     * String conversion delegates to render().
     */
    public function __toString()
    {
        $markup = $this->render();
        return $markup;
    }
}
