PDO full guide with examples and a complete crud code step by step 2022

    By: Thad Mertz
    2 years ago
    Category: PHP

    Hi devs, in this guide we are going to look at PDO ("PHP Data Objects"). Let's get started: we are going to create a CRUD to see the difference PDO makes and its benefits.

    So how does PDO secure our queries? Here is an example.

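    // Normal query: unsafe approach

    $id = 10;
    // Here we are passing the id directly into the SQL string, which can be insecure.
    $posts = $pdo->query("SELECT * FROM blog WHERE blog_id='$id'");

    // Fetch each row as an object so that $row->title works
    // (the default fetch mode returns arrays).
    while ($row = $posts->fetch(PDO::FETCH_OBJ))
    {
        echo $row->title."<br/>";
    }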
    

    So when querying the database, why not prepare the statement first and pass the values as parameters instead of putting the variable directly into the query?

    Let's see the "Insert query" using PDO.

    // Insert query.

    $post = $pdo->prepare("INSERT INTO blog(`title`, `description`) VALUES (:title, :details)");
    $post->execute([
        'title' => $title,
        'details' => $details,
    ]);


    We defined two named parameters, :title and :details, and we set their values in the array passed to execute():

    $post->execute([
        'title' => $title,
        'details' => $details,
    ]);

    We handle an update query in a similar way.

    $post = $pdo->prepare("UPDATE blog SET `description` = :details WHERE title=:title");
    $post->execute([
        'title' => $title,
        'details' => $details,
    ]);

    PDO also offers unnamed parameters. Note that the order in which you assign values to unnamed parameters matters.

    Here we use an unnamed parameter to delete a record.

    $post = $pdo->prepare("DELETE from blog WHERE id=?");
    $post->execute([$_GET['id']]);
    
    Here ? is an unnamed parameter, and it gets its value from $_GET['id'].
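
    The unsafe SELECT from the start of this guide, run side by side with a prepared version, as an added example that is not part of the original guide. The in-memory SQLite connection, the sample rows and the two function names are assumptions made so the script runs on its own.

```php
<?php
// Added example: in-memory SQLite stands in for the guide's database (assumption).
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // failures throw instead of returning false
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_OBJ,         // rows come back as objects by default
]);

// Constructed sample data in a blog table shaped like the guide's.
$pdo->exec('CREATE TABLE blog (blog_id INTEGER PRIMARY KEY, title TEXT, description TEXT)');
$insert = $pdo->prepare('INSERT INTO blog (title, description) VALUES (:title, :details)');
foreach ([['First post', 'Hello'], ['Second post', 'World'], ['Draft', 'Unpublished']] as [$t, $d]) {
    $insert->execute(['title' => $t, 'details' => $d]);
}

// Unsafe approach from the guide: the value becomes part of the SQL text,
// so quote characters inside it can change what the WHERE clause means.
function titlesInterpolated(PDO $pdo, string $id): array
{
    $rows = $pdo->query("SELECT title FROM blog WHERE blog_id='$id'");
    return $rows->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared approach: the SQL text is fixed and the value is bound to :id,
// so it is only ever compared against blog_id as a single value.
function titlesPrepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT title FROM blog WHERE blog_id = :id');
    $stmt->execute(['id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal id, and a value that contains quote characters.
$inputs = ['2', "2' OR '1'='1"];
foreach ($inputs as $id) {
    printf(
        "input %-14s interpolated=%d row(s), prepared=%d row(s)\n",
        json_encode($id),
        count(titlesInterpolated($pdo, $id)),
        count(titlesPrepared($pdo, $id))
    );
}
```

    For the second input the interpolated query matches every row in the table, while the prepared query treats the whole string as one id value.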
    

    Hope this helps. Check our video guide for better understanding and working examples.