Secure OOP connection in PHP for advanced web development


Web application security is the process of protecting websites and online services against different security threats that exploit vulnerabilities in an application’s code. Common targets for web application attacks are content management systems (e.g., WordPress), database administration tools (e.g., phpMyAdmin) and SaaS applications.
So it pays to write code that stands the test of time. Without wasting much time, I am going to write some code that can be used in the backend of a website to perform basic CRUD operations, along with setting up and implementing different security features, and I am going to deploy this secure code in an MVC pattern using PHP.
To connect to a database in PHP, we need to specify the database variables and the various functions that work together. As I said earlier, we will be using the MVC pattern, which means I will be writing the code using classes.
To get started, you must have a PHP server installed on your computer, either through XAMPP, MAMP, WAMP or PHP's built-in development server.


Create a folder: Class.php

It is in this folder that we will create the database connection file that links our files and tables together. Write the code below inside a file named databaseconnection.php
 

<?php
class DBController {
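    // Development defaults. In production, use a dedicated least-privilege
    // MySQL account and load the credentials from configuration kept
    // outside the web root, not root with an empty password.
    private $host = "localhost";
    private $user = "root";
    private $password = "";
    private $database = "crud_example";
    private $conn;
    function __construct() {
        $this->conn = $this->connectDB();
    }
    // Open the mysqli connection and stop with a generic message if it fails.
    function connectDB() {
        $conn = mysqli_connect($this->host,$this->user,$this->password,$this->database);
        if (!$conn) {
            die("Database connection failed.");
        }
        return $conn;
    }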
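    // Runs a query string as-is, with no parameter binding. Use it only for
    // fixed SQL; never build $query from request data.
    function runBaseQuery($query) {
        $resultset = array();
        $result = $this->conn->query($query);
        if ($result && $result->num_rows > 0) {
            while($row = $result->fetch_assoc()) {
                $resultset[] = $row;
            }
        }
        return $resultset;
    }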
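    // Prepared SELECT. $param_type is the mysqli type string, one letter per
    // value: "s" string, "i" integer, "d" double, "b" blob.
    function runQuery($query, $param_type, $param_value_array) {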
        $sql = $this->conn->prepare($query);
        $this->bindQueryParams($sql, $param_type, $param_value_array);
        $sql->execute();
        $result = $sql->get_result();
        if ($result->num_rows > 0) {
            while($row = $result->fetch_assoc()) {
                $resultset[] = $row;
            }
        }
        if(!empty($resultset)) {
            return $resultset;
        }
    }
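    // bind_param() takes its arguments by reference, so build an array of
    // references: the type string first, then each value.
    function bindQueryParams($sql, $param_type, $param_value_array) {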
        $param_value_reference[] = & $param_type;
        for($i=0; $i<count($param_value_array); $i++) {
            $param_value_reference[] = & $param_value_array[$i];
        }
        call_user_func_array(array(
            $sql,
            'bind_param'
        ), $param_value_reference);
    }
    // Prepared INSERT; returns the auto-increment id of the new row.
    function insert($query, $param_type, $param_value_array) {
        $sql = $this->conn->prepare($query);
        $this->bindQueryParams($sql, $param_type, $param_value_array);
        $sql->execute();
        $insertId = $sql->insert_id;
        return $insertId;
    }
    // Prepared UPDATE (or DELETE); values are bound, never concatenated.
    function update($query, $param_type, $param_value_array) {
        $sql = $this->conn->prepare($query);
        $this->bindQueryParams($sql, $param_type, $param_value_array);
        $sql->execute();
    }
}
?>

You have now created a base class for a secure connection in PHP. Remember prepared statements: they are one of the most secure ways of writing database code in PHP, because the query is prepared with placeholders and the data type of each variable is specified beforehand, before it is passed to the database. The values are sent separately from the SQL text and are never parsed as part of it, so even if a wrong data type is input, maybe due to a malicious attack from a hacker, the attack remains null and void.
see ya’


Smith

I am both a front and backend developer
