Monday 11 August 2014

Difference Between Mysqli and Pdo in php


We have two choices for accessing the database in Php:
MySQLi and PDO.
we will discuss difference between PDO and MySQLi on various feature like database support, stability and performance to find which is the better API.
Connection Way
1.PDO 
$pdo = new PDO("mysql:host=localhost.com;dbname=data", 'username', 'password');
2.mysqli, procedural style
$mysqli = mysqli_connect('localhost.com','username','password','data');
3. mysqli,object oriented style
$mysqli = new mysqli('localhost.in','username','password','data');
1.API Support
Both PDO and MySQLi provides an object-oriented approach, but MySQLi provides a procedural way also like old mysql extension. New users may prefer MySQLi because of procedural interface which is similar to old mysql extension, So the migrating from the old mysql extension is easier. But after mastering in PDO, you can use it with any database you like.
2.Security
Both PDO and MySQLi provide SQL injection security, as long as developer follow them with features like escaping and parameter binding with prepared statements.
For example a hacker is trying to inject some malicious SQL through the ‘name’ HTTP query parameter (POST):
 $_POST['name'] = "'; DELETE FROM users; /*"
If we fail to escape, it will be added in query “as it is” , it will delete all rows from users table as PDO and MySQLi support multiple queries.
// PDO, “manual” escaping
$name = PDO::quote($_POST['name']); 
$pdo->query("SELECT * FROM users WHERE name = $name");
// mysqli, “manual” escaping
$name = mysqli_real_escape_string($_POST['name']); 
$mysqli->query("SELECT * FROM users WHERE name = '$name'");
PDO::quote() not only escapes the string, but it also quotes it. But mysqli_real_escape_string() will only escape the string, you will need to apply the quotes manually.
// PDO, prepared statement
$pdo->prepare('SELECT * FROM users WHERE name = :name');
$pdo->execute(array(':name' => $_POST['name']));
// mysqli, prepared statements
$query = $mysqli->prepare('SELECT * FROM users WHERE name = ?');
$query->bind_param('s', $_POST['name']);
$query->execute();
I always recommend you to use prepared statements with bound queries instead of PDO::quote() and mysqli_real_escape_string().
3.Database Support
The main advantage of PDO over MySQLi is its database driver support. PDO supports 12 different drivers and MySQLi supports MySQL only.
To get the list of all drivers that PDO supports, use following code:
var_dump(PDO::getAvailableDrivers());
When you require to switch your project to use another database, in PDO you’ll have to change the connection string and a few queries – if they use methods which are not supported by new database. But in MySQLi, you will have to rewrite every part of code that included queries.














Conclusion:



Posted by at 3 comments:

Sunday 10 August 2014

How to insert data using pdo in three steps in php


Follow the Steps

Step1:Make a connection.
Step2: Pass the query into prepare() fucntion.
Step3: Execute the prepare statement.
Note: we already created Database as registration  and table as user
 Index.php
 <?php
$hostname='localhost';
$username='root';
$password='';
try {
$dbh = new PDO("mysql:host=$hostname;dbname=registration",$username,$password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo 'Connected to Database<br/>';
$name="enjoymyphp";
$password="12352";
$email="enjoymyphp@gmail.com";
$sql =$dbh->prepare("insert into user SET name='".$name."',password='".$password."',email='".$email."'");
$sql->execute();
}
catch(PDOException $e)
{
echo $e->getMessage();
}
?>

Posted by at 1 comment:

How to fetch the data from database using pdo in Four steps in php



Follow the Steps
Step1:Make a connection.
Step2: Pass the query into prepare() fucntion.
Step3: Execute the prepare statement.
Step4: Create for loop and use the fetch() to retrieve the data.
Note: we already created Database as registration  and table as user

<body>
<center>
<table border="1" cellspacing="1" cellpading>
<tr>
<td>Id</td>
<td>Name</td>
<td>Password</td>
<td>Email</td>
</tr>
 <?php
$hostname='localhost';
$username='root';
$password='';
try {
$dbh = new PDO("mysql:host=$hostname;dbname=registration",$username,$password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 echo 'Connected to Database<br/>';
$sql= $dbh->prepare("SELECT * FROM user");
$sql->execute();
for($i=0; $row=$sql->fetch();$i++){
echo "<tr><td>".$row["id"]."</td> ";
echo "<td>". $row["name"] ."</td> "; 
echo "<td>".$row["password"]."</td> ";
echo "<td>".$row["email"]."</td></tr>";
}
$dbh = null;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
?>
</table>
</center>
</body>
Posted by at 2 comments:

Friday 8 August 2014

How to delete any record from database in five step in php


Follow the Step:
Step 1: Select the host
Step2: Connect to the database
Step3: Fetch the Data using  mysqli_fetch_array() function .
Step4:Add <a href ='index.php?id=$id'> it.
Step5:Check id and execute delete query
My Database Name is registration and table name is user. 










Index.php 
 <body>

<?php
$username = "root";
$password = "";
$hostname = "localhost";
$database_name='registration';
$dbhandle = mysqli_connect($hostname ,$username ,$password ,$database_name)
or die("Unable to connect to MySQL");
$query="select *from user";
$abc=  mysqli_query($dbhandle,$query);
?> 
<center>
<table border="1" cellspacing="1" cellpading>  
<tr>
<td>Id</td>
<td>Name</td>
<td>Password</td> 
 <td>Email</td>
<td>delete</td>
</tr>
<?php
while ($row = mysqli_fetch_array($abc))
 {
$id=  $row['id'];
echo "<tr align='center'>";
echo"<td><font color='black'>" .$row['id']."</font></td>";
echo"<td><font color='black'>" .$row['name']."</font></td>";
echo"<td><font color='black'>". $row['password']. "</font></td>";
echo"<td><font color='black'>". $row['email']. "</font></td>";
echo"<td> <a href ='index.php?id=$id'><center>Delete</center></a>";
echo "</tr>";         
}

if(isset($_GET['id']))
{
$delete_id=$_GET['id'];
 $query="DELETE FROM user WHERE id='".$delete_id."';

$message=mysqli_query($dbhandle,$query);
if($message)
{
echo"Successfully Deleted";
} else
{
echo"Something Going Wrong";
} 
}
?>
</table>
</center>
</body>

Output will be

 
After Delete id=4 Output will be . Refresh the page


 



Posted by at No comments:

Thursday 7 August 2014

How to fetch data from database in four simple step in php

Follow the Step:

Step 1: Select the host
Step2: Connect to the database
Step3:Create the fetch query  to reterive all data
Step4. Use mysqli_fetch_array() function .

My Table look like 
table










Index.php

<body>

<?php
$username = "root";
$password = "";
$hostname = "localhost";
$database_name='registration';
$dbhandle = mysqli_connect($hostname,$username,$password,$database_name)
or die("Unable to connect to MySQL");
$query="select *from user";
$abc=  mysqli_query($dbhandle,$query);
?>
 <center>
 <table border="1" cellspacing="1" cellpading>
<tr>
 <td>Id</td>
<td>Name</td>
<td>Password</td>
<td>Email</td>
</tr>
<?php
while ($row = mysqli_fetch_array($abc))
{
 echo "<tr align='center'>";
echo"<td><font color='black'>" .$row['id']."</font></td>";
echo"<td><font color='black'>" .$row['name']."</font></td>";
echo"<td><font color='black'>". $row['password']. "</font></td>";
echo"<td><font color='black'>". $row['email']. "</font></td>";
echo "</tr>";
}
?>
</table>
</center>
    </body>

Output
table


Posted by at 1 comment:

How to connect with database in three step in php


Follow the step
Step 1:  Create Database and table.
 
Step2: Enter hostname, Database name.

Step3:Insert Data and Execute the Query.
This is my database and my database name is registration and table name is user.

We are inserting  a data statically(already data is selected).

        
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$database_name='registration';
$password=” ”;
$dbhandle = mysqli_connect('localhost',$username ,$password,$database_name)
or die("Unable to connect to MySQL");
 $name ="Gaurav";
$password1="1234";
 $email="gauravrautela123@gmail.com";
 $query="insert into user set name='".$name."',password='".$password1."', email='".$email."'"; 
$execute =  mysqli_query($dbhandle, $query);
 If($execute)
     {
                 echo "Congrats Data inserted";
 }else{
                echo  "Something Going Wrong";
}
?>
After Insertion :



Terminology:
mysqli_connect(): It is php connection method,we can pass  four argument hostname,username,password,Database name.

Die();It stop the rest of exection if die methiod will exectute and show the

messages.
 

Posted by at 6 comments:
Subscribe to: Posts (Atom)