Secure OOP connection in PHP for advanced web development

Web application security is the process of protecting websites and online services against different security threats that exploit vulnerabilities in an application’s code. Common targets for web application attacks are content management systems (e.g., WordPress), database administration tools (e.g., phpMyAdmin), and SaaS applications.

It pays to write code that stands the test of time. So, without wasting much time, I am going to write some code that can be used in the backend of a website to perform basic CRUD operations, with different security features set up and implemented as we go, and I am going to deploy this secure code in an MVC pattern using PHP.

For a database connection in PHP, we need to specify the database variables and the functions that work together. As I said earlier, we will be using the MVC pattern, which means that I will be writing the code using classes.

To get started, you must have a PHP server installed on your computer, either through XAMPP, MAMP, WAMP, or the PHP built-in development server.

Create a folder: Class.php

It is in this folder that we will create our database connection file, which links our files and tables together. Write the code below inside a file named databaseconnection.php:

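<?php
class DBController {
    // Local development defaults (root account with an empty password).
    // Outside development, use a dedicated least-privilege account with a strong password.
    private $host = "localhost";
    private $user = "root";
    private $password = "";
    private $database = "crud_example";
    private $conn;

    function __construct() {
        $this->conn = $this->connectDB();
    }

    // Open the MySQL connection and stop early if it fails.
    function connectDB() {
        $conn = mysqli_connect($this->host,$this->user,$this->password,$this->database);
        if (!$conn) {
            // Log the detail server-side; do not echo it to the visitor.
            error_log("Database connection failed: " . mysqli_connect_error());
            throw new RuntimeException("Database connection failed");
        }
        return $conn;
    }

    // Run a fixed SQL string that takes no parameters.
    // Never build $query from user input; use runQuery() for that.
    function runBaseQuery($query) {
        $resultset = array();
        $result = $this->conn->query($query);
        if ($result instanceof mysqli_result && $result->num_rows > 0) {
            while($row = $result->fetch_assoc()) {
                $resultset[] = $row;
            }
        }
        return $resultset;
    }

    // Run a parameterized SELECT. $param_type is the bind_param type string
    // (for example "si"); $param_value_array holds the values in placeholder order.
    function runQuery($query, $param_type, $param_value_array) {
        $resultset = array();
        $sql = $this->conn->prepare($query);
        $this->bindQueryParams($sql, $param_type, $param_value_array);
        $sql->execute();
        $result = $sql->get_result();
        if ($result && $result->num_rows > 0) {
            while($row = $result->fetch_assoc()) {
                $resultset[] = $row;
            }
        }
        return $resultset;
    }

    // bind_param() takes its arguments by reference, so build an array of
    // references: the type string first, then one entry per value.
    function bindQueryParams($sql, $param_type, $param_value_array) {
        $param_value_reference[] = & $param_type;
        for($i=0; $i<count($param_value_array); $i++) {
            $param_value_reference[] = & $param_value_array[$i];
        }
        call_user_func_array(array(
            $sql,
            'bind_param'
        ), $param_value_reference);
    }

    // Run a parameterized INSERT and return the auto-generated id.
    function insert($query, $param_type, $param_value_array) {
        $sql = $this->conn->prepare($query);
        $this->bindQueryParams($sql, $param_type, $param_value_array);
        $sql->execute();
        $insertId = $sql->insert_id;
        return $insertId;
    }

    // Run a parameterized UPDATE.
    function update($query, $param_type, $param_value_array) {
        $sql = $this->conn->prepare($query);
        $this->bindQueryParams($sql, $param_type, $param_value_array);
        $sql->execute();
    }
}
?>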

You have now created a base class for a secure connection in PHP. Remember prepared statements: they are one of the most secure ways of writing database code in PHP. The query is prepared with placeholders, and the data type of each variable is specified beforehand, before the value is passed to the database, so the value is handled as data and not as part of the SQL. Even if a wrong data type is input, maybe due to a malicious attack from a hacker, the attack remains null and void.
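
The model below shows how the DBController class above can back CRUD operations with bound parameters. It is an added example, not code from the original post; the UserModel class, the users table and its columns, and the sample values are assumptions.

```php
<?php
// Added example, not from the original post. Assumes databaseconnection.php
// (the DBController class above) sits in the same folder and that crud_example
// contains this hypothetical table:
//   CREATE TABLE users (id INT AUTO_INCREMENT PRIMARY KEY,
//                       name VARCHAR(100), email VARCHAR(255));
require_once __DIR__ . '/databaseconnection.php';

class UserModel {
    private $db;

    function __construct(DBController $db) {
        $this->db = $db;
    }

    // CREATE: validate first, then bind both values as strings ("ss").
    function create($name, $email) {
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException("Invalid email address");
        }
        return $this->db->insert(
            "INSERT INTO users (name, email) VALUES (?, ?)",
            "ss", array($name, $email));
    }

    // READ: the email is sent as a bound value, never spliced into the SQL.
    function findByEmail($email) {
        $rows = $this->db->runQuery(
            "SELECT id, name, email FROM users WHERE email = ?",
            "s", array($email));
        return empty($rows) ? array() : $rows;
    }

    // UPDATE: "si" binds the name as a string and the id as an integer.
    function rename($id, $name) {
        $this->db->update(
            "UPDATE users SET name = ? WHERE id = ?",
            "si", array($name, (int) $id));
    }
}

$users = new UserModel(new DBController());
$id = $users->create("Ada", "ada@example.com"); // constructed sample data
$users->rename($id, "Ada L.");
print_r($users->findByEmail("ada@example.com"));

// Constructed hostile-looking input: the whole string, quotes included, is
// compared with the email column as data, so it cannot change the query.
var_dump($users->findByEmail("x' OR '1'='1"));
```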
see ya’

Samuel Jim https://foxstate.co/
Samuel Jim Nnamdi is the CTO of Foxstate, a platform that powers digital infrastructures for Real estate financing globally. He has over 8 years of Software Engineering and CyberSecurity expertise.
