Book Image

Learning PHP Data Objects

By : Dennis Popel
Book Image

Learning PHP Data Objects

By: Dennis Popel

Overview of this book

PDO is lighter, faster, and more powerful than existing PHP data abstraction interfaces. PDO is a common interface to different databases that must be used with a database-specific PDO driver to access a particular database server: the PDO extension does not provide a database abstraction by itself; it doesn't rewrite SQL, emulate missing database features, or perform any database functions using by itself. It performs the same role as other classic database abstraction layers such as ODBC and JDBC: it's a query abstraction layer that abstracts the mechanism for accessing a database and manipulating the returned records; each database driver that implements the PDO interface can also expose database-specific features as regular extension functions. ¬ PDO ships with PHP 5.1, and is available as an extension for PHP 5.0; it requires the new object-oriented features of PHP 5, and cannot run with earlier versions of PHP.This book will teach you how to use the PDO, including its advanced features. Readers need to be aware of the basics of data abstraction and should be familiar with PHP.
Table of Contents (13 chapters)

Securing against Uncaught Exceptions

As we have seen previously, we place the try...catch blocks around code that can throw exceptions. However, in very rare cases, there might be some unexpected exceptions. We can imitate such an exception by modifying one of the queries so that it contains some malformed SQL. For example, let's edit authors.php, line 16 to the following:

$q = $conn->query("SELECT * FROM authors ORDER BY lastName, firstName");

Now try to navigate to authors.php with your browser to see that an uncaught exception has occurred. To correctly handle this situation, we either should create an exception handler or wrap every block of code that calls PDO or PDOStatement class methods in a try…catch block.

Let's see how we can create the exception handler. This is an easier approach as it does not require changing lots of code. However, for big applications this may be bad practice as handling exceptions, where they occur may be more secure and better recovery logic can be applied...