Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Development CodeIgniter 3.x PDO Drivers
PDO Drivers
  • Offline sneakyimp
    Member
  • ***
  • Posts: 189
    Threads: 53
    Joined: Dec 2014
    Reputation: 3
#7
09-07-2018, 04:13 PM
(This post was last modified: 09-07-2018, 04:18 PM by sneakyimp.)

EDIT: I should have read Narf's post first, but I think I've provided some additional detail here which may prove useful for CI 3 users.

(01-17-2018, 03:29 PM)daveĀ friend Wrote: From the PHP PDO documentation:
Quote:PDO provides a data-access abstraction layer, which means that, regardless of which database you're using, you use the same functions to issue queries and fetch data.

You could substitute CodeIgniter for PDO in the above and be completely accurate.
I love codeigniter but this statement suggests a false equivalence and is misleading. There's a fundamentally superior separation between SQL and the data it manipulates in a properly implemented prepared statement operation because the data is passed as a separate parameter rather than merged into a string. This data separation is analagous to having an actual array defined as a PHP object versus data imported from CSV code or JSON code. The use of prepared statements generates byte code in your DBMS engine that is entirely separate from the data to be manipulated. This provides much more thorough and reliable protection against SQL injection.

Furthermore, genuine prepared statements offer greater efficiency in a looping situation because the byte code generated can be cached and reused between distinct db operations without the need to recompile bytecode from the SQL

(01-17-2018, 03:29 PM)daveĀ friend Wrote: If it offered one-to-one matches for PDO methods wouldn't it be PDO?
No, it would not be.

It's not entirely misleading for CodeIgniter to say that a PDO engine is used. It does make use of PDO functions, but it does not offer genuine prepared statement functionality. I, for one, would like to see genuine MySQL prepared statements offered.

For anyone using PDO to connect to a mysql database who wants prepared statement functionality, I've had luck with this approach:
Code:
// if you connect using pdo engine, the PDO object is $this->db->conn_id in your controller
// set PDO to throw exceptions for errors or you might have trouble figuring out problems
$set = $this->db->conn_id->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// this should do the real-deal PDO prepare, but may also result in emulation, depending on how you've installed PHP and/or mysql
$v = $this->db->conn_id->prepare("SELECT * FROM my_table WHERE my_col=?");
if (!$v) {
throw new Exception("statement prepare failed: " . print_r($v, TRUE));
}
// tells PDO to execute your previously prepared bytecode using this data
$result = $v->execute(array("video games"));
if (!$result) {
throw new Exception("query failed");
}
print_r($v->fetchAll());

I believe that to get genuine, non-emulated PDO, you also need to install/compile PHP with the option --with-pdo-mysql=mysqlnd.
Reply


Messages In This Thread
PDO Drivers - by dturner123 - 01-16-2018, 08:47 AM
RE: PDO Drivers - by Narf - 01-17-2018, 03:53 AM
RE: PDO Drivers - by dturner123 - 01-17-2018, 04:08 AM
RE: PDO Drivers - by dave friend - 01-17-2018, 03:29 PM
RE: PDO Drivers - by sneakyimp - 09-07-2018, 04:13 PM
RE: PDO Drivers - by Narf - 01-19-2018, 02:32 PM
RE: PDO Drivers - by kilishan - 01-17-2018, 08:25 PM



Theme © iAndrew 2016 - Forum software by © MyBB