PDO CRUD Overview
PDO is a Database Access Abstraction Layer Class which protects your system from most SQL Injection due to their 2 step (Prepare and Execute). SQL Databases connect thru the PDO Class constructor [libs/MySQL.php],
which parameters are initialized in [config/config.php]
SQL Database Access Section:
__construct( $DB_TYPE, $DB_HOST, $DB_NAME, $DB_USER, $DB_PASS )
These functions below typically execute in the Controller Class, but more complex SQL queries and
maintenance should be placed in the Model Class of the specific controller being used.
- getOne() - fetches a single row based on WHERE criteria
- select() - returns a result set based on WHERE criteria
- insert() - creates one row in table
- update() - updates row based on WHERE criteria
- delete() - deletes row(s) based on WHERE criteria
- pdoQuery() - non-crud queries (SELECT) returns result set
- pdoExec() - non-crud SQL statements returns affected rows
- pdoFetchAll() - returns array of rows returned by the query
$ar['rc'] = 'ok' - for successful operation
$ar['rc'] = 'bad' - for failure
Additionally, insert returns $ar["tableid"] indicating newly generated Id Sequence for table row inserted
In controller class, reference PDO DB object: $this->model->db
In model class, reference PDO DB object: $this->db
To use the PDO CRUD class, you MUST adhere to SQL table standards below:
Database table and columns names always all lowercase, no underscores, no hyphens, etc.
Table primary keys must be tablename + id
e.g. userid, menuid (these always defined as unsigned integers[11])
All tables are timestamped. Thus, must have datetime datatype column defined as follows:
createdate - datetime
lastupdate - datetime
The timestamp columns are automatically maintained when using the PDO CRUD Class.
Note: PDO::prepare states that "you cannot use a named parameter marker of the same name twice in a prepared statement"
..use pdoQuery() or pdoExec() functions, for more complex queries or maintenance