Home / Questions / 255067
Accepted
josanangel
Asked: 2020-04-17 12:12:24 +0800 CST 2020-04-17 12:12:24 +0800 CST

I don't exactly understand this function that creates a connection

  • 772

I'm looking at PHP and I'm seeing a function of how to create a connection in PHP I think it's version 7 , correct me if I'm wrong please.

And this is the function that creates the connection :

  function connect(){
        try {

            $connection =  "mysql:host=". $this->host .";dbname=". $this->db; 
            $options = [
                PDO::ATTR_ERRMODE     => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_EMULATE_PREPARES => false,
            ];

            $pdo = new PDO($connection,$this->user,$this->password,$options);

            return $pdo;

        } catch (\Throwable $th) {
            //throw $th;
        }
    }

Let's see the variable $connectionI understand, it simply concatenates the properties of the class to create the connection as usual. But for example the variable $optionsdoes not know what it intends to do. Neither does the variable $pdo.

And I don't know why it is the variable $pdothat is returned in the function.

I hope someone can help me with this question. Sorry if it's not the right way to ask StackOverflow, I know there was a tag for this type of question, but I don't remember it.
All the best.

php

2 Answers

  1. PHP currently uses two APIs to manage the connection to the database: PDOand mysqli. These APIs are actually classes like any other, and both were created as an alternative to the old API mysql_, which should no longer be used because it is deprecated.

    In the case at hand we are talking about PDO, if you look at the PHP Manual you will actually see that PDO is a class , with a constructor that receives well-defined parameters. That's why in your code you use new PDO (parametros). Doing that simply creates an instance of the PDO class, which you can use to manage everything related to the database through the different methods or properties that the class has.

    Let's look at the parameters that the PDO constructor accepts:

    public PDO::__construct ( string $dsn [, string $username [, string $password [, array $options ]]] )
    • $dsn: string with the Data Source Name (DSN), contains the information required to connect to the database.
    • $username: string with the username for the DSN string. This parameter is optional for some PDO drivers.
    • $password: string with the password for the DSN string. This parameter is optional for some PDO drivers.
    • $options: array of the form key=>value with controller-specific connection options. Those options can also be set apart using the setAttribute(). But it's best to use that method only if you want to change a setting dynamically for some reason. The fixed options of your object are best set at creation time, passing an array $optionsto the constructor, as is actually the case in your code.

    The parameters are passed in that order, and if all goes well, the variable that the result of is assigned to newwill be an instance of the PDO class. That's why your code returns a $pdoand not $connection, since the latter is just a string.

    I would recommend that you apply the naming convention principle here to avoid confusion. In that sense, instead of calling your variable $connectionit would be better to call it $dsn, which is what it actually represents.

    Another thing I want to point out is that the parameters passed in $optionsare not trivial. It is necessary to set FALSEemulated prepares, because they come in the TRUEdefault state and in certain scenarios it is possible to emulate a prepared query that ends in a SQL Injection attack .

    Setting proper error handling is also important, because otherwise PDO could end up printing the password and username to the error log when there is a connection failure. Apart from properly handling errors, I recommend that you use long passwords, so at least they will appear truncated in the error log, in case they get printed (error logs are the favorite files of hackers to exploit our systems) .

    Another thing I want to point out is that, if you don't want to have encoding problems, you should pass a parameter in the DSN charset, so that the connection brings the well-encoded data from the database, otherwise, when there are words accented by For example, they may be distorted. At the end of $dsnwe will add this: ;charset=UTF8and I assure you it will save you a lot of headaches :-)

    So I suggest you write the code like this:

    function connect(){ try {

            $dsn =  "mysql:host=". $this->host .";dbname=". $this->db.";charset=UTF8"; 
        $options = [
            PDO::ATTR_ERRMODE     => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => FALSE,
        ];

        $pdo = new PDO($dsn,$this->user,$this->password,$options);

        return $pdo;

    } catch (\Throwable $th) {
        //throw $th;
    }
}
    • 3
  2. Best Answer

    The variable $pdosaves access as an object to the PDO class through an instance $objeto = new ClaseNombre()that is responsible for connecting to MySQL in this case and that is where you pass the variable $connectionthat has the access credentials to your database manager

    1. $pdois the one that is returned because it has or contains what the PDO connection returns access or not access
    2. $optionsallows to store extra configuration attributes in associative array signature that you can review here
    3. PDO::ERRMODE_EXCEPTIONThrow an exception generated by PDO when the connection is treated
    4. PDO::ATTR_EMULATE_PREPARESIn charge of enabling or disabling the simulation of prepared statements (in your case it is being sent as false)

    Actually what it contains $connectionand $optionscould have been put directly into the PDO instance that it saves $pdobut what the author did was to fragment and separate

    • 2