I am wondering if the way I use MySQL with PHP is secure. This is my class:

class DB{
    public $mysqli = null;
    public $result = array();

    // connection settings are hard-coded in the class
    private $_host = 'localhost';
    private $_user = 'root';
    private $_password = 'root';
    private $_db_name = 'DBNAME';

    public function __construct()
    {
        $this->mysqli = new mysqli($this->_host, $this->_user, $this->_password, $this->_db_name);

        if ($this->mysqli->connect_errno){
            echo "Error MySQLi: (" . $this->mysqli->connect_errno . ") " . $this->mysqli->connect_error;
            exit();
        }

        $this->mysqli->set_charset("utf8");
    }

    public function __destruct(){
        $this->mysqli->close();
    }

    // passes the SQL string straight through to mysqli::query()
    public function query($query){
        $this->result = $this->mysqli->query($query);

        if($this->result){
            return $this->result;
        }else{
            return false;
        }
    }
}

Is that way to communicate with the database good enough, or should I use Doctrine?

I am asking because something strange is in my code. If I var_dump any object that contains a reference to the DB object, I can see:

["_host":"DB":private]=> string(9) "localhost" ["_user":"DB":private]=> string(4) "root" ["_password":"DB":private]=> string(4) "root" ["_db_name":"DB":private]=> string(10) "DBNAME" }

  • Well it is normal if you print the object to see this data. Your class is a normal extension wrapper. The security comes with complex queries and the ability of your class to "prepare" them - to catch possible injections and so on (simply said). Commented Apr 5, 2014 at 16:29

3 Answers

If you are worried about the DB settings shown on var_dump, I suggest you place those settings in a config file and send those configs as params.

Personally, I wouldn't worry about it. If someone has access to your object (maybe another shared object), they probably have the ability to read your settings. The only positive I see with having a config file is that you can update those configs without having to touch the PHP codebase.

Is there a reason why you think this would be an issue?

Also, your code structure is nice; keep it extracted from mysqli, don't switch to an extend. This will give you flexibility in the future should you decide to switch to PDO or any other better extensions that come up.

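To make the config-as-parameters suggestion above and the comment about "preparing" queries concrete, here is an added example (not code from the question or from any answer): the same wrapper taking its credentials from a config file, hiding them from var_dump() with __debugInfo(), and running prepared statements. The config path and the users(id, email) table are assumptions.

```php
<?php
// Added example (not code from the question or any answer): the wrapper
// takes its credentials as constructor parameters, hides them from
// var_dump() via __debugInfo(), and runs prepared statements so request
// data is bound rather than concatenated into SQL.
// Assumed: a table users(id, email) and a config file at /etc/myapp/db.php.
class DB
{
    private mysqli $mysqli;
    private array $config;

    // $config comes from a file outside the web root, e.g. require '/etc/myapp/db.php'
    public function __construct(array $config)
    {
        $this->config = $config;
        mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw, do not echo
        $this->mysqli = new mysqli(
            $config['host'], $config['user'], $config['password'], $config['db_name']
        );
        $this->mysqli->set_charset('utf8mb4');
    }

    // var_dump() now shows only host and db name, never the user or password.
    public function __debugInfo(): array
    {
        return ['host' => $this->config['host'], 'db_name' => $this->config['db_name']];
    }

    // Parameterised query. $types follows mysqli_stmt::bind_param ("i", "s", ...).
    // The SQL text is fixed by the caller; request data only ever travels in $params.
    public function query(string $sql, string $types = '', array $params = []): mysqli_result|false
    {
        $stmt = $this->mysqli->prepare($sql);
        if ($types !== '') {
            $stmt->bind_param($types, ...$params);
        }
        $stmt->execute();
        return $stmt->get_result();
    }

    public function __destruct()
    {
        $this->mysqli->close();
    }
}

// Usage: the e-mail comes straight from the request but is bound, not interpolated.
$db = new DB(require '/etc/myapp/db.php');
$result = $db->query('SELECT id, email FROM users WHERE email = ?', 's', [$_GET['email'] ?? '']);
var_dump($db); // credentials are not part of the dump
```

The config file is expected to return an array with the keys host, user, password and db_name; get_result() requires the mysqlnd driver.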

Why reinvent the wheel? Your query function pretty much does what mysqli_query is already doing for you. I would just use the base mysqli class, as you're already doing, by making this class extend that one:

class DB extends mysqli {
    private $_host = 'localhost';
    private $_user = 'root';
    private $_password = 'root';
    private $_db_name = 'DBNAME';

    public function __construct()
    {
        parent::__construct($this->_host,$this->_user, $this->_password, $this->_db_name);
    }
}

Yes, I know, but I am worried about this: ["_host":"DB":private]=> string(9) "localhost" ["_user":"DB":private]=> string(4) "root" ["_password":"DB":private]=> string(4) "root" ["_db_name":"DB":private]=> string(10) "DBNAME" }
Your question is like "should I wear a hat or a cap?".
Actually, there is no best way to deal with a database. It depends on which approach you take.
If you prefer writing SQL code, then your solution is good and works well for your usage.
However, if you do not want to write SQL queries and want to work only with objects, then you will prefer to use Doctrine.
