Home/ Questions/Q 8929329
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T08:39:02+00:00

So I basically have two files. At the end I would have more, but

  • 0

So I basically have two files. At the end I would have more, but I would like to create a class called DB that would use PDO database operations, and then I would extend this class to make all of my functions for working with the database. So DB class, would then extend to class dbADD, that would have all the add functions for different database tables.

This is called config.php:

<?php

DEFINE ('DBHOST', 'localhost');
DEFINE ('DBUSER', 'REMOVED');
DEFINE ('DBPSW', 'REMOVED');
DEFINE ('DBNAME', 'REMOVED');

class DB {
    public $db;
    private static $instance;   

    public function __constructor(){
        $config ['db'] = array(
        'host'      =>  DBHOST,
        'username'  =>  DBUSER,
        'password'  =>  DBPSW,
        'dbname'    =>  DBNAME,
        );

        $this->db = new PDO('mysql:host ='  . $config['db']['host'] . ';dbname='  .   $config['db']['dbname'],$config['db']['username'],$config['db']['password']) ;
    }

    public static function getInstance()
    {
        if (!isset(self::$instance))
        {
            $object = __CLASS__;
            self::$instance = new $object;
        }
        return self::$instance;
    }

    public function GetArticles ($search){
        $sql = "SELECT `FirstColumn`, `SrcColumn`, `article` FROM `test_table`  WHERE `FirstColumn` = 23";  

        //$dbs = new DB();
        $dbs = DB::getInstance();
        $query = $dbs->db->prepare($sql);
        //$query->bindValue(':search', $search, PDO::PARAM_INT);
        $query->execute();

        while ($row = $query->fetch(PDO::FETCH_OBJ)) {
            // = $row['article'],'</br>';
            $return = $row['article'];
        }   
        return $return;
    }
}
?>

This file is my test file, which is not that important just a testing-ground. Called test.php:

<?php
require_once('app_core/config.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Untitled Document</title>

    <link rel="stylesheet" href="/style/style.css" type="text/css" media="screen" />
</head>

<body>
    <?php
    $db = new DB();
    //echo $db->db;
    //echo $db->GetTestDB();
    //$test = $db->TestThis();
    //print_r($test);
    echo $db->GetArticles('23');
    ?>
</body>
</html>

If it is possible I also have two other concerns: the first question is a matter of securit — is this a good practice or not? The other question is how do I hide files with this password data, so I can use them but no one can read them?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Ok, you’ve got a lot going on here, so I’ll try to address issues one at a time to make this class behave properly and in an object-oriented manner (instead of a collection of not-entirely-related methods).

    First, your constructor:

    //  Make these private, will find out why in a moment...
private $db;
// __construct, not __constructor!!
private function __construct() {
    // This whole array doesn't serve any purpose because the constants
    // are defined and available in all scopes
    // while this array is local to the __construct().  
    // Just get rid of it and use the 
    // constants directly in the PDO connection
    //$config ['db'] = array(
    //    'host'          =>      DBHOST,
    //    'username'      =>      DBUSER,
    //    'password'      =>      DBPSW,
    //    'dbname'        =>      DBNAME,
    //);

    // Use some error checking when establishing your connection
    try {
      // Some extra bad whitespace removed around =
      $this->db = new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPSW); 
    } catch (PDOException $e) {
      echo 'Connection failed: ' . $e->getMessage();
    }
}

    Next your singleton accessor getInstance().

    // No code changes necessary....
public static function getInstance()
{
    if (!isset(self::$instance))
    {
        $object = __CLASS__;
        self::$instance = new $object;
    }
    return self::$instance;
}

    Since you have defined a method to access the class as a singleton, the $db property and the __construct() are made private. At no point will you ever call $DB_class-instance = new DB() to instantiate it, or call $DB_class_instance->db to access the connection directly. Instead, you will call DB::getInstance() to access the singleton instance and your methods like GetArticles() to execute queries.

    Now onto your querying method:

    public function GetArticles ($search){
    // Ok a SQL string, no problem...
    $sql = "SELECT `FirstColumn`, `SrcColumn`, `article` FROM `test_table`  WHERE `FirstColumn` = :search";

    // There's no need for this.  You already defined $db as 
    // a class property, so you should be using $this->db
    // $dbs = DB::getInstance();

    $query = $this->db->prepare($sql);
    // bind the $search input parameter...
    $query->bindParam(':search', $search);

    // Test for success
    if ($query->execute()) {

      $row = $query->fetch(PDO::FETCH_OBJ) {
      // I suppose you know what you want here. If you're only expecting 
      // one article, there's no real need for the while loop.
      // You can just fetch() once.
      $return = $row->article;

      // OR.....

      // However, if you are expecting *multiple* rows, you should be accumulating them
      // into an array like this:
      $return = array();
      while ($row = $query->fetch(PDO::FETCH_OBJ)) {
         // Append to an array
         $return[] = $row->article;
         // OR to get multiple columns returned as an object...
         $return[] = $row;
      }
      return $return;
   }
   else {
     // Query failed, return false or something
     return FALSE;
   }
}

    Finally your controller code:

    // The constructor is private, so you can't do this
// $db = new DB();
// Instead you need to use getInstance()
$db = DB::getInstance();
// Returns an array, so print_r()
print_r($db->GetArticles('23'));

    Since we made the class’ $db property private, it cannot be accessed outside the class. Therefore you would need to define querying methods similar to GetArticles() for any other queries you plan to run as well. If you think you will need to build ad-hoc queries that are not class methods sometimes, then you can change it to 

    public $db

    Then, you could do things outside the class like the following instead of having to build a class method to do it. You do still need to call getInstance() however.

    $dbs = DB::getInstance();
// Run a query via the PDO connection $dbs->db
$result = $dbs->db->query('SELECT * FROM sometable');

    Little style issue:

    This won’t actually cause a problem since identifiers are case-insensitive, but stylistically it is weird. define() is a function call and is usually used lowercase:

    define('DBHOST', 'localhost');
define('DBUSER', 'REMOVED');
define('DBPSW', 'REMOVED');
define('DBNAME', 'REMOVED');

    About your file security

    As long as your web server is correctly configured, no one else can read the files. Provided the web server sends .php files to the PHP interpreter rather than dumping their contents to the browser, the files are safe. If you are on a shared host and the host does not properly segregate your files from other tenants, that is their problem and the only good solution would be to get a better host.

    It is wise, however, to store your sensitive files above your web server’s document root directory. Then even a misconfigured web server could not accidentally dump their contents to a client. They are only accessible to PHP via include.

    • 0