I created this class to connect to my database and read somewhere that having different users for the connection is the most secure. So I made a user for the four different options I use at the moment one for Update, Select, Delete, and Insert. I wasn’t really sure if it was necessary to create a user for each one of these. I am basically wondering what I could do to improve this class. I know these questions have appeared a lot on here but everyone’s class seems to be different, so I figured I’d ask.
Here is the pastebin for the code.. Its very long otherwise I’d just post it here. If pastebin is an issue I’ll add the code anyway.
(edit by ninetwozero: put the code inline)
<?php
class DB_Connection {
//Subject to change
protected $_DATABASE = '#';
protected $_HOST = '#';
protected $_SELECT = array( 'connection' => null,
'user' => '#',
'pass' => '#',
'alive' => FALSE,
'thread' => '' );
protected $_INSERT = array( 'connection' => null,
'user' => '#',
'pass' => '#',
'alive' => FALSE,
'thread' => '' );
protected $_DELETE = array( 'connection' => null,
'user' => '#',
'pass' => '#',
'alive' => FALSE,
'thread' => '' );
protected $_UPDATE = array( 'connection' => null,
'user' => '#',
'pass' => '#',
'alive' => FALSE,
'thread' => '' );
/**
* Take an input and create that connection and connect to the database
* using the appropriate logins
* @param $type - Type of connection; SELECT, UPDATE, DELETE, INSERT
*/
public function __construct( $type ) {
switch($type) {
case "SELECT":
// Create the connection
$this->_SELECT['connection'] = new mysqli($this->_HOST,
$this->_SELECT['user'],
$this->_SELECT['pass'],
$this->_DATABASE );
// State that the connection is alive
$this->_SELECT['alive'] = TRUE;
// Put in the thread ID that is created when the connection is established
$this->_SELECT['thread'] = $this->_SELECT['connection']->thread_id;
// Verify that the connection was successfull
if($this->_SELECT['connection']->connect_error) {
die('Connection error: ' . $this->_SELECT['connection']->connect_errorno . ' ' .
$this->_SELECT['connection']->connect_error );
//TODO Create better error handling
} else {
echo "connection worked somehow.<br />";
}
case "INSERT":
// Create the connection
$this->_INSERT['connection'] = new mysqli($this->_HOST,
$this->_INSERT['user'],
$this->_INSERT['pass'],
$this->_DATABASE );
// State that the connection is alive
$this->_INSERT['alive'] = TRUE;
// Put in the thread ID that is created when the connection is establishedq
$this->_INSERT['thread'] = $this->_INSERT['connection']->thread_id;
// Verify that the connection was successfull
if($this->_INSERT['connection']->connect_error) {
die('Connection error: ' . $this->_INSERT['connection']->connect_errorno . ' ' .
$this->_INSERT['connection']->connect_error );
//TODO Create better error handling
} else {
echo "connection worked somehow.<br />";
}
case "DELETE":
// Create the connection
$this->_DELETE['connection'] = new mysqli($this->_HOST,
$this->_DELETE['user'],
$this->_DELETE['pass'],
$this->_DATABASE );
// State that the connection is alive
$this->_DELETE['alive'] = TRUE;
// Put in the thread ID that is created when the connection is establishedq
$this->_DELETE['thread'] = $this->_DELETE['connection']->thread_id;
// Verify that the connection was successfull
if($this->_DELETE['connection']->connect_error) {
die('Connection error: ' . $this->_DELETE['connection']->connect_errorno . ' ' .
$this->_DELETE['connection']->connect_error );
//TODO Create better error handling
} else {
echo "connection worked somehow.<br />";
}
case "UPDATE":
// Create the connection
$this->_UPDATE['connection'] = new mysqli($this->_HOST,
$this->_UPDATE['user'],
$this->_UPDATE['pass'],
$this->_DATABASE );
// State that the connection is alive
$this->_UPDATE['alive'] = TRUE;
// Put in the thread ID that is created when the connection is establishedq
$this->_UPDATE['thread'] = $this->_UPDATE['connection']->thread_id;
// Verify that the connection was successfull
if($this->_UPDATE['connection']->connect_error) {
die('Connection error: ' . $this->_UPDATE['connection']->connect_errorno . ' ' .
$this->_UPDATE['connection']->connect_error );
//TODO Create better error handling
} else {
echo "connection worked somehow.<br />";
}
}// END CASE
}// END _construct
public function get_Select_Con() {
return $this->_SELECT['connection'];
}
public function get_Insert_Con() {
return $this->_INSERT['connection'];
}
public function get_Delete_Con() {
return $this->_DELETE['connection'];
}
public function get_Update_Con() {
return $this->_UPDATE['connection'];
}
/**
* Kill the threads and close the connection
*/
public function __destruct() {
if ($this->_SELECT['alive'] == TRUE) {
$this->_SELECT['connection']->kill($this->_SELECT['thread']);
$this->_SELECT['connection']->close();
echo " thread killed and connection closed";
}
if ($this->_INSERT['alive'] == TRUE) {
$this->_INSERT['connection']->kill($this->_INSERT['thread']);
$this->_INSERT['connection']->close();
echo " thread killed and connection closed";
}
if ($this->_DELETE['alive'] == TRUE) {
$this->_DELETE['connection']->kill($this->_DELETE['thread']);
$this->_DELETE['connection']->close();
echo " thread killed and connection closed";
}
if ($this->_UPDATE['alive'] == TRUE) {
$this->_UPDATE['connection']->kill($this->_UPDATE['thread']);
$this->_UPDATE['connection']->close();
echo " thread killed and connection closed";
}
}// END _destruct
}
?>
You probably haven’t understood things correctly. Database access should, most of the time, be made inside a transaction, which guaranteed ACIDity. And in the same transaction, you’ll have selects, inserts, updates and deletes. Having 4 different users (and thus 4 seperate connections, and thus 4 separate transactions) for each kind of operation is just a VERY bad idea.