First create an object of dblayer --> $db = new DBLayer('short database name used in config') * * --> Insert --> $db->insert( $tb_name, $data ) * $tb_name = table name in which we want to insert data * $data = array of data that needs to be inserted in format('fieldname' => $value) where fieldname must be a field in that table. * * --> select --> $db->select( $tb_name, $data, $where ) * $tb_name = table name which we want to select * $data = array of data which is then required in WHERE clause in format array('fieldname'=>$value) fieldname must be a field in that table. * $where = string in format ('fieldname=:fieldname') where :fieldname takes it's value from $data array. * * --> update --> $db->update( $tb_name, $data, $where ) * $tb_name = table name which we want to update * $data = array of data which contains the filelds that need to be updated with their values in the format('fieldname' => $value,...) where fieldname must be a field in that table. * $where = string contains the filename with a value at that field in the format ('fieldname = $value') where fieldname must be a field in that table and $value is value respect to that field. * * --> delete --> $db->delete( $tb_name, $data, $where ) * $tb_name = table name where we want to delete. * $data = array of data which is then required in WHERE clause in format array('fieldname'=> $value) where fieldname must be a field in that table. * $where = string in format ('fieldname=:fieldname') where :fieldname takes it's value from $data array. * * * @author Daan Janssens, mentored by Matthew Lagoe * */ $PDOCache = array(); class DBLayer { private $PDO; private $host; private $dbname; /** * The PDO object, instantiated by the constructor */ /** * The constructor. * Instantiates the PDO object attribute by connecting to the arguments matching database(the db info is stored in the $cfg global var) * * @param $db String, the name of the databases entry in the $cfg global var. * @param $dbn String, the name of the databases entry in the $cfg global var if $db referenced to an action(install etc). */ function __construct($db, $dbn = null) { global $cfg; $this->host = $cfg['db'][$db]['host']; $this->dbname = $cfg['db'][$db]['name']; global $PDOCache; if (isset($PDOCache[$this->host])) { $this->PDO = $PDOCache[$this->host]['pdo']; } else { $dsn = "mysql:"; $dsn .= "host=" . $cfg['db'][$db]['host'] . ";"; // $dsn .= "dbname=" . $cfg['db'][$db]['name'] . ";"; $dsn .= "port=" . $cfg['db'][$db]['port'] . ";"; $opt = array( PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_PERSISTENT => true ); $this->PDO = new PDO($dsn, $cfg['db'][$db]['user'], $cfg['db'][$db]['pass'], $opt); $PDOCache[$this->host] = array(); $PDOCache[$this->host]['pdo'] = $this->PDO; $PDOCache[$this->host]['use'] = $this->dbname; $this->PDO->query('USE ' . $this->dbname . ';'); // FIXME safety } } function __destruct() { $this->PDO = NULL; } function useDb() { global $PDOCache; if ($PDOCache[$this->host]['use'] != $this->dbname) { $PDOCache[$this->host]['use'] = $this->dbname; $this->PDO->query('USE ' . $this->dbname . ';'); // FIXME safety } } /** * Execute a query that doesn't have any parameters. * * @param $query the mysql query. * @return returns a PDOStatement object. */ public function executeWithoutParams($query) { $this->useDb(); $statement = $this->PDO->prepare($query); $statement->execute(); return $statement; } /** * Execute a query that has parameters. * * @param $query the mysql query. * @param $params the parameters that are being used by the query. * @return returns a PDOStatement object. */ public function execute( $query, $params ) { $this->useDb(); $statement = $this -> PDO -> prepare( $query ); $statement -> execute( $params ); return $statement; } /** * Insert function which returns id of the inserting field. * * @param $tb_name table name where we want to insert data. * @param $data the parameters that are being inserted into table. * @return returns the id of the last inserted element. */ public function executeReturnId( $tb_name, $data, $datafunc = array() ) { $this->useDb(); $field_options = implode(',', array_merge(array_keys($data), array_keys($datafunc))); $field_values = implode(',', array_merge(array(':' . implode(',:', array_keys($data))), array_values($datafunc))); try { $sth = $this -> PDO -> prepare( "INSERT INTO $tb_name ($field_options) VALUE ($field_values)" ); foreach ( $data as $key => $value ) { $sth -> bindValue( ":$key", $value ); } $this -> PDO -> beginTransaction(); $sth -> execute(); $lastId = $this -> PDO -> lastInsertId(); $this -> PDO -> commit(); } catch ( Exception $e ) { // for rolling back the changes during transaction // $this -> PDO -> rollBack(); throw $e; // new Exception( "error in inseting" ); } return $lastId; } /** * Select function using prepared statement. * For selecting particular fields. * * @param string $param field to select, can be multiple fields. * @param string $tb_name Table Name to Select. * @param array $data array of data to be used in WHERE clause in format('fieldname'=>$value). 'fieldname' must be a field in that table. * @param string $where where to select. * @return statement object. */ public function selectWithParameter( $param, $tb_name, $data, $where ) { $this->useDb(); try { $sth = $this->PDO->prepare( "SELECT $param FROM $tb_name WHERE $where" ); $sth->execute( $data ); } catch ( Exception $e ) { throw $e; // new Exception( "error selection" ); return false; } return $sth; } /** * Select function using prepared statement. * For selecting all fields in a table. * * @param string $tb_name Table Name to Select. * @param array $data array of data to be used with WHERE part in format('fieldname'=>$value,...). 'fieldname' must be a field in that table. * @param string $where where to select in format('fieldname=:fieldname' AND ...). * @return statement object. */ public function select($tb_name, $data , $where) { $this->useDb(); try { $sth = $this->PDO->prepare("SELECT * FROM $tb_name WHERE $where"); $sth->execute( $data ); } catch (Exception $e) { throw $e; // new Exception( "error selection" ); return false; } return $sth; } /** * Update function with prepared statement. * * @param string $tb_name name of the table on which operation to be performed. * @param array $data array of data in format('fieldname' => $value,...).Here, only those fields must be stored which needs to be updated. * @param string $where where part in format ('fieldname'= $value AND ...). 'fieldname' must be a field in that table. * @throws Exception error in updating. */ public function update( $tb_name, $data, $where ) { $this->useDb(); $field_option_values = null; foreach ( $data as $key => $value ) { $field_option_values .= ",$key" . '=:' . $key; } $field_option_values = ltrim( $field_option_values, ',' ); try { $sth = $this -> PDO -> prepare( "UPDATE $tb_name SET $field_option_values WHERE $where " ); foreach ( $data as $key => $value ) { $sth -> bindValue( ":$key", $value ); } $this -> PDO -> beginTransaction(); $sth -> execute(); $this -> PDO -> commit(); } catch ( Exception $e ) { $this->PDO->rollBack(); throw $e; // new Exception( 'error in updating' ); return false; } return true; } /** * insert function using prepared statements. * * @param string $tb_name Name of the table on which operation to be performed. * @param array $data array of data to insert in format('fieldname' => $value,....). 'fieldname' must be a field in that table. * @throws error in inserting. */ public function insert($tb_name, $data, $datafunc = array()) { $this->useDb(); $field_options = implode(',', array_merge(array_keys($data), array_keys($datafunc))); $field_values = implode(',', array_merge(array(':' . implode(',:', array_keys($data))), array_values($datafunc))); try { $sth = $this->PDO->prepare("INSERT INTO $tb_name ($field_options) VALUE ($field_values)"); foreach ($data as $key => $value) { $sth->bindValue(":$key", $value); } $this->PDO->beginTransaction(); // execution $sth->execute(); $this->PDO->commit(); } catch (Exception $e) { // for rolling back the changes during transaction $this->PDO->rollBack(); throw $e; // new Exception("error in inserting"); } } /** * Delete database entery using prepared statement. * * @param string $tb_name table name on which operations to be performed. * @param $data array with values in the format('fieldname'=> $value,...). 'fieldname' must be a field in that table. * @param string $where condition based on $data array in the format('fieldname=:fieldname' AND ...). * @throws error in deleting. */ public function delete( $tb_name, $data, $where ) { $this->useDb(); try { $sth = $this->PDO->prepare( "DELETE FROM $tb_name WHERE $where" ); $this->PDO->beginTransaction(); $sth->execute( $data ); $this->PDO->commit(); } catch (Exception $e) { $this->PDO->rollBack(); throw $e; // new Exception( "error in deleting" ); } } }