{"id":2416,"date":"2016-04-12T08:41:58","date_gmt":"2016-04-12T15:41:58","guid":{"rendered":"http:\/\/www.wellgolly.com\/?p=2416"},"modified":"2016-04-28T10:36:33","modified_gmt":"2016-04-28T17:36:33","slug":"a-quick-note-on-migrating-to-pdo","status":"publish","type":"post","link":"https:\/\/www.wellgolly.com\/?p=2416","title":{"rendered":"A Quick Note on Migrating to PDO"},"content":{"rendered":"

Migrating from mySQLi to PDO was really painless. I changed the database access as described previously. Then using the same query as previously, I added the database name `website` and then used the following code:
\n

\n$qry = "SELECT * FROM product;\n$res= $dbWG->query($qry);\n\nif (!$res)\n    die(mysqli_error($dbWG));\n\n$numRows = mysqli_num_rows($res);\n\nfor ($i = 0; $i < $numRows; $i++) {\n    $row   = $res->fetch_array();\n<\/code><\/pre><\/p>\n
\n$qry = "SELECT * FROM `website`.`product`;\n$stmt = $dbWG->prepare($qry);\n$stmt->execute();\n\n$results = $stmt->fetchAll();\nforeach($results as $row) {<\/code><\/pre><\/p>\n
One of the reasons to use PDO is that it has prepared statements that will automatically escape inputs so that injection attacks are mitigated.<\/p>\n
It is simple to change the your code if you are using input from the user to construct the query.
\nIf you do a simple convert, like above, to you end up with something like this:
\n
\n\/\/ get the current category name\n$qry  = "SELECT name FROM `website`.`book_category` ";\n$qry .= "WHERE id = $categoryID";\n  \n$stmt = $dbWG->prepare($qry);\n$stmt->execute();\n\n$results = $stmt->fetch();\ncategoryName = $results['name'];\n<\/code><\/pre><\/p>\n
A simple change in the query and a bind statement lets PHP automatically escape the user input.
\n
\n\/\/ get the current category name\n$qry  = "SELECT name FROM `website`.`book_category` ";\n$qry .= "WHERE id = :categoryID";\n\n$stmt = $dbWG->prepare($qry);\n$stmt->bindParam(':categoryID', $categoryID);\n$stmt->execute();\n\n$results = $stmt->fetch();\n$categoryName = $results['name'];<\/code><\/pre> <\/p>\n","protected":false},"excerpt":{"rendered":"
Migrating from mySQLi to PDO was really painless. I changed the database access as described previously. Then using the same query as previously, I added the database name `website` and then used the following code: $qry = "SELECT * FROM product; $res= $dbWG->query($qry); if (!$res)     die(mysqli_error($dbWG)); $numRows = mysqli_num_rows($res); for ($i = 0; $i < … Continue reading A Quick Note on Migrating to PDO<\/span><\/a><\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[],"class_list":["post-2416","post","type-post","status-publish","format-standard","hentry","category-mysql"],"_links":{"self":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts\/2416","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2416"}],"version-history":[{"count":0,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts\/2416\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2416"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2416"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2416"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}