PHP

Connecting Via PDO

try {
  $db = new PDO('sqlite:PDOquotes.db');
  }

Finally, a new development from some core PHP developers and one of the key features of PHP 5.1 is PDO, short for PHP Data Objects. There are several abstraction classes in PHP, but PDO will become the official one.

PDO is already available in PEAR, at http://pecl.php.net/package/PDO. UNIX/Linux users can install it using pear install PDO or by compiling it manually; Windows users have to refer to http://snaps.php.net/win32/PECL_5_0/ for PHP 5.0.x, and to http://snaps.php.net/win32/PECL_UNSTABLE/ for (alpha and beta versions of) PHP 5.1. Then, extension=php_pdo.dll (or extension=pdo.so on other systems) in php.ini does the trick (not required under PHP 5.1, where PDO is loaded automatically).

Connecting Via PDO
<?php
  try {
    $db = new PDO('sqlite:PDOquotes.db');
    echo 'Connected to the database.';
  } catch (PDOException $ex) {
    echo 'Connection failed: ' .
htmlspecialchars($ex->getMessage());
  }
?>

After installing PDO, a driver for the database to be used must be loaded, as well. As of this writing, the following drivers are available:

  • PDO_FIREBIRD for InterBase/Firebird

  • PDO_MYSQL for MySQL 3.x and 4.0

  • PDO_OCI for Oracle

  • PDO_ODBC for ODBC and IBM's DB2

  • PDO_PGSQL for PostgreSQL

  • PDO_SQLITE for SQLite

To make this as portable and easy to deploy as possible, the following use the SQLite driver; however, other drivers and database systems are just as good. Note that this driver uses SQLite 3 and not SQLite 2 as bundled with PHP 5 (that's why the binary distribution of the driver weighs in at over 200KB). Whatever system you choose, download and install the driver and load it after PDO in your php.ini.

Because PDO only works with PHP 5 and later versions, you can use an object-oriented approach. All you need is a suitable data source name (DSN), a user, and a password (and possibly other options). The preceding code connects to/creates an SQLite file.

Sending SQL Via PDO

$stmt = $db->prepare($sql);
$stmt->execute();

To send SQL via PDO, a statement must be executed using the query() method. As always, you need a way to escape special characters. This can, once again, be done using prepared statements. First, an SQL query can be parsed using a method called prepare(), whereas placeholders start with a colon. Then, the bindParam() method binds a value to a placeholder name. Finally, the execute() method sends the statement to the database.

Sending SQL Via PDO
<?php
  try {
    $db = new PDO('sqlite:PDOquotes.db');
    require_once 'stripFormSlashes.inc.php';
    $sql = 'INSERT INTO quotes (quote, author, year)
      VALUES (:quote, :author, :year)';
    $stmt = $db->prepare($sql);
    $stmt->bindParam('quote', $_POST['quote']);
    $stmt->bindParam('author', $_POST['author']);
    $stmt->bindParam('year',
      intval($_POST['year']));
    $stmt->execute();
    echo 'Quote saved.';
  } catch (PDOException $ex) {
    echo 'Connection failed: ' . htmlspecialchars
      ($ex->getMessage());
  }
?>

by BrainBellupdated
Advertisement: