8. Database Interaction

Using PDO or MySQLi:

Always use PDO or MySQLi to interact with databases.

// Good (PDO): object-oriented API with a DSN, works across database drivers
$pdo = new PDO('mysql:host=localhost;dbname=testdb', 'user', 'password');

// Good (MySQLi): object-oriented interface, MySQL only
$conn = new mysqli('localhost', 'user', 'password', 'testdb');

// Bad: procedural mysqli_* functions
$conn = mysqli_connect('localhost', 'user', 'password', 'testdb');

Avoiding SQL Injection:

Always use prepared statements with bound parameters to prevent SQL injection: the query text is sent to the server separately from the values, so user input is never parsed as SQL.

// Good: named placeholder, bound by key
$stmt = $pdo->prepare('SELECT * FROM users WHERE email = :email');
$stmt->execute(['email' => $email]);

// or positional placeholder, bound by position
$stmt = $pdo->prepare('SELECT * FROM users WHERE email = ?');
$stmt->execute([$email]);

// Bad: the value is concatenated into the SQL text, so a crafted $email changes the query
$result = $pdo->query("SELECT * FROM users WHERE email = '$email'");
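As an added example that is not part of the original guide, the following carries the prepared-statement rule through to the two places a placeholder cannot reach, an ORDER BY column and a LIMIT, using a whitelist and a typed bind. The users table, its columns and the connection details are assumed.

```php
<?php
// Added example, not from the original guide: every user-supplied value is bound,
// and the one input a placeholder cannot carry (a column name) is whitelisted.
declare(strict_types=1);

$pdo = new PDO(
    'mysql:host=localhost;dbname=testdb;charset=utf8mb4',   // assumed connection details
    'user',
    'password',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // fail loudly instead of returning false
        PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepared statements
    ]
);

// Identifiers cannot be bound as parameters, so map the caller's sort key to a fixed list.
const SORTABLE_COLUMNS = ['id' => 'id', 'email' => 'email', 'created' => 'created_at'];

function findUsersByDomain(PDO $pdo, string $emailDomain, string $sortKey, int $limit): array
{
    $orderBy = SORTABLE_COLUMNS[$sortKey] ?? 'id'; // unknown keys fall back to a safe default
    $limit   = max(1, min($limit, 100));            // clamp the page size before binding it

    // $orderBy is interpolated only because it came from the whitelist above.
    $stmt = $pdo->prepare(
        "SELECT id, email, created_at FROM users WHERE email LIKE :pattern ORDER BY $orderBy LIMIT :limit"
    );

    // Escape LIKE wildcards so the caller cannot widen the match with % or _.
    $pattern = '%@' . addcslashes($emailDomain, '%_\\');
    $stmt->bindValue(':pattern', $pattern, PDO::PARAM_STR);
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT); // PARAM_INT keeps LIMIT from being sent as a quoted string
    $stmt->execute();

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hostile-looking input is just data: the SQL is sent once, the values travel separately.
$rows = findUsersByDomain($pdo, "example.com' OR '1'='1", 'email', 20);
foreach ($rows as $row) {
    echo $row['id'], "\t", $row['email'], PHP_EOL;
}
```

With emulated prepares enabled, PDO would quote the LIMIT value as a string, which MySQL rejects; disabling emulation is what makes the typed bind behave as shown.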