
Secure OOP connection in PHP for advanced web development


Web application security is the process of protecting websites and online services against different security threats that exploit vulnerabilities in an application’s code. Common targets for web application attacks are content management systems (e.g., WordPress), database administration tools (e.g., phpMyAdmin) and SaaS applications.

It is good to write code and programs that stand the test of time. Without wasting much time, I am going to write some code that can be used in the backend of a website to perform basic CRUD operations, along with the real-time setup and implementation of different security features, and I am going to deploy this secure code in an MVC pattern using PHP.


For a database connection in PHP we need to specify the database variables and the various functions that work together. As I said earlier, we will be using the MVC pattern, which means that I will be writing the code using classes.

To get started, you must have a PHP server installed on your computer, either through XAMPP, MAMP, WAMP or the PHP built-in development server.


Create a folder: Class.php

It is in this folder that we will create the database connection files that link our files and tables together. Write the code below inside a file named databaseconnection.php

 

<?php
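class DBController {
    // Development defaults. In production use a least-privilege database
    // account with a password, loaded from configuration outside the web root.
    private $host = "localhost";
    private $user = "root";
    private $password = "";
    private $database = "crud_example";
    private $conn;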
    
    function __construct() {
        $this->conn = $this->connectDB();
    }   
    
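    function connectDB() {
        // Make mysqli throw exceptions so a failed connection or query is not silently ignored
        mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
        $conn = mysqli_connect($this->host,$this->user,$this->password,$this->database);
        return $conn;
    }
    
    // Runs a query that has no parameters. Pass only fixed SQL text here;
    // any query that includes user input belongs in runQuery().
    function runBaseQuery($query) {
        // Must start as an array: appending with [] to a string is a fatal error
        $resultset = array();
        $result = $this->conn->query($query);   
        if ($result->num_rows > 0) {
            while($row = $result->fetch_assoc()) {
                $resultset[] = $row;
            }
        }
        return $resultset;
    }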
       
    
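    // Runs a parameterized SELECT. $param_type is the mysqli type string
    // (for example "si") and $param_value_array holds the values in placeholder order.
    function runQuery($query, $param_type, $param_value_array) {
        $resultset = array();
        $sql = $this->conn->prepare($query);
        $this->bindQueryParams($sql, $param_type, $param_value_array);
        $sql->execute();
        $result = $sql->get_result();
        
        if ($result->num_rows > 0) {
            while($row = $result->fetch_assoc()) {
                $resultset[] = $row;
            }
        }
        
        // Returns null when no rows matched
        if(!empty($resultset)) {
            return $resultset;
        }
    }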
    
    function bindQueryParams($sql, $param_type, $param_value_array) {
        $param_value_reference[] = & $param_type;
        for($i=0; $i<count($param_value_array); $i++) {
            $param_value_reference[] = & $param_value_array[$i];
        }
        call_user_func_array(array(
            $sql,
            'bind_param'
        ), $param_value_reference);
    }
    
    function insert($query, $param_type, $param_value_array) {
        $sql = $this->conn->prepare($query);
        $this->bindQueryParams($sql, $param_type, $param_value_array);
        $sql->execute();
        $insertId = $sql->insert_id;
        return $insertId;
    }
    
    function update($query, $param_type, $param_value_array) {
        $sql = $this->conn->prepare($query);
        $this->bindQueryParams($sql, $param_type, $param_value_array);
        $sql->execute();
    }
}
?>

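You have now created a base class for the secure connection in PHP. Remember prepared statements: they are one of the most secure ways of writing database code in PHP, because the data type of each variable is specified beforehand, before it is passed to the database. The query text and the bound values are sent to the database separately, so a bound value is never parsed as SQL. Even if a wrong data type is input, perhaps due to a malicious attack from a hacker, the attack is null and void. This protection applies only to values passed through runQuery, insert and update; runBaseQuery executes whatever string it is given.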


see ya’

Samuel Jim

I am a software developer with 3 years of professional experience in several technologies, not limited to PHP, Python and JavaScript. Furthermore, when I am not coding or writing tech articles, you'll find me watching movies.
