PHP download

Download the PHP package krugozor/database without Composer

On this page you can find all versions of the php package krugozor/database. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download krugozor/database
More information about krugozor/database
Files in krugozor/database

Vendor krugozor
Package database
Short Description PHP class library for simple, convenient, fast and safe work with MySql database, using PHP mysqli extension and imitation of prepared queries.
License
Homepage https://github.com/Vasiliy-Makogon/Database

Keywords database mysql placeholder mysqli placeholders mysql class prepare statement mysql database class mysql database php class ext-mysqli mysql db mysql db class php class mysql php class mysql database php class database

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of krugozor/database

Informations about the package database

Русскоязычная документация находится тут

Getting the Library

You can download it as an archive, clone from this site, or download via composer (link to packagist.org):

What is `krugozor/database`?

krugozor/database is a PHP >= 8.0 class library for simple, convenient, fast and secure work with the MySql database, using the PHP extension mysqli.

Why do we need a self-written class for MySql if PHP has a PDO abstraction and a mysqli extension?

The main disadvantages of all libraries for working with the mysql database in PHP are:

Verbosity
- Developers have two options to prevent SQL injections:
  - Use prepared queries.
  - Manually escape the parameters going into the body of the SQL query. String parameters run via mysqli_real_escape_string and the expected convert numeric parameters to the appropriate types - int and float.
- Both approaches have huge drawbacks:
  - Prepared queries are terribly verbose. Use "out of the box" PDO abstraction or mysqli extension, no aggregation all methods for obtaining data from the DBMS is simply impossible - in order to get the value from the table, you need write at least 5 lines of code! And so on for every request!
  - Manual escaping of parameters going into the body of an SQL query is not even discussed. A good programmer lazy programmer. Everything should be as automated as possible.
Unable to get SQL query for debugging
- To understand why the SQL query does not work in the program, you need to debug it - find either a logical or syntax error. To find an error, you need to "see" the SQL query itself, which the database "swears" at, with parameters substituted into its body. Those. to have formed high-grade SQL. If the developer is using PDO, with prepared queries, then it's... IMPOSSIBLE! There are no most convenient mechanisms for this in native libraries NOT PROVIDED. It remains either to pervert, or to climb into the database log.

Solution: `krugozor/database` is a class for working with MySql

Eliminates verbosity - instead of 3 or more lines of code to execute one request when using the "native" library, you write only one.
Screens all parameters that go to the request body, according to the specified type of placeholders - reliable protection against SQL injections.
Does not replace the functionality of the "native" mysqli adapter, but simply complements it.
Expandable. In fact, the library provides only a parser and the execution of a SQL query with guaranteed protection against SQL injections. You can inherit from any library class and use both the library mechanisms and the mysqli and mysqli_result mechanisms to create the methods you need to work with.

What is NOT the `krugozor/database` library?

Most wrappers for various database drivers are a bunch of useless code with a disgusting architecture. Their authors, not understanding the practical purpose of their wrappers themselves, turn them into a kind of builders queries (sql builder), ActiveRecord libraries and other ORM solutions.

The krugozor/database library is none of the above. This is just a convenient tool for working with regular SQL within the framework MySQL DBMS - and no more!

What are placeholders?

Placeholders — special typed markers that are written in the SQL query string instead of explicit values (query parameters). And the values themselves are passed "later", as subsequent arguments to the main a method that executes a SQL query:

SQL query parameters passed through the placeholders system are processed by special escaping mechanisms, in depending on the type of placeholders. Those. you no longer need to wrap variables in escaping functions type mysqli_real_escape_string() or cast them to a numeric type as before:

Now it has become easy to write queries, quickly, and most importantly, the krugozor/database library completely prevents any possible SQL injections.

Introduction to placeholder system

The types of fillers and their purposes are described below. Before getting acquainted with the types of fillers, it is necessary to understand how the library mechanism works.

PHP problem

PHP is a weakly typed language and an ideological dilemma arose when developing this library. Let's imagine that we have a table with the following structure:

and the library MUST (for some reason, possibly beyond the developer's control) execute the following request:

In this example, an attempt is made to write a null value to the not null text field name, and a false boolean type to the flag numeric field. What should we do in this situation?

Who should be responsible for validating query parameters - the client code or the library?
Should we interrupt program execution in this case, or should we perhaps apply some manipulations so that the data is written to the database?
Can we treat the false value for the tinyint column as the value 0, and null as an empty string for the name column?
How can we simplify or standardize such problems in our code?

In view of the questions raised, it was decided to implement two operating modes in this library.

Library operating modes

Mysql::MODE_STRICT - strict match mode for placeholder type and argument type. In Mysql::MODE_STRICT mode, the argument type must match the placeholder type. For example, an attempt to pass the value 55.5 or '55.5' as an argument for an integer placeholder ?i will result in an exception being thrown:
Mysql::MODE_TRANSFORM — argument conversion mode to placeholder type when placeholder type and argument type do not match. The Mysql::MODE_TRANSFORM mode is set by default and is a "tolerant" mode - if the placeholder type and the argument type do not match, it does not throw an exception, but tryes to convert the argument to the desired placeholder type using the PHP language itself. By the way, I, as the author of the library, always use this particular mode, I have never used strict mode (Mysql::MODE_STRICT) in real work, but perhaps you will need it specifically.

The following transformations are allowed in Mysql::MODE_TRANSFORM:

Cast to type int (placeholder ?i)
- floating point numbers represented both in string and double types
- bool TRUE is converted to int(1), FALSE is converted to int(0)
- null is converted to int(0)
Cast to type double (placeholder ?d)
- integers represented in both string and int types
- bool TRUE becomes float(1), FALSE becomes float(0)
- null is converted to float(0)
Cast to type string (placeholder ?s)
- bool TRUE is converted to string(1) "1", FALSE is converted to string(1) "0". This behavior is different from casting bool to int in PHP, as often, in practice, the boolean type is written in MySql as a number.
- a numeric value is converted to a string according to PHP's conversion rules
- null is converted to string(0) ""
Cast to type null (placeholder ?n)
- any arguments.
For arrays, objects and resources, conversions are not allowed.