PHP download

Download the PHP package krugozor/database without Composer

On this page you can find all versions of the php package krugozor/database. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download krugozor/database
More information about krugozor/database
Files in krugozor/database

Vendor krugozor
Package database
Short Description PHP class library for simple, convenient, fast and safe work with MySql database, using PHP mysqli extension and imitation of prepared queries.
License
Homepage https://github.com/Vasiliy-Makogon/Database

Keywords database mysql placeholder mysqli placeholders mysql class prepare statement mysql database class mysql database php class ext-mysqli mysql db mysql db class php class mysql php class mysql database php class database

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of krugozor/database

Informations about the package database

Other languages:

Русская документация
Documentation française
Deutsche Dokumentation
Documentazione italiana
日本語ドキュメント
Documentación en español
한국어 문서
简体中文文档
繁體中文文件
Dokumentasi Bahasa Indonesia
Documentação em Português (BR)
हिंदी दस्तावेज़
التوثيق بالعربية
Türkçe Dokümantasyon
Tài liệu tiếng Việt

Getting the Library

You can download it as an archive, clone it from this site, or install via composer (packagist.org link):

What is `krugozor/database`?

krugozor/database is a PHP >= 8.0 class library for simple, convenient, fast, and secure work with MySQL databases, using the PHP extension mysqli.

Why do you need a custom class for MySQL when PHP already has PDO abstraction and the mysqli extension?

The main drawbacks of all libraries for working with MySQL in PHP are:

Verbosity
- To prevent SQL injections, developers have two options:
- Use prepared statements.
- Manually escape parameters going into the SQL query body. Pass string parameters through mysqli_real_escape_string, and cast expected numeric parameters to the appropriate types — int and float.
- Both approaches have significant drawbacks:
- Prepared statements are terribly verbose. Using PDO abstraction or the mysqli extension "out of the box", without aggregating all methods for retrieving data from the DBMS, is simply impossible — to get a value from a table you need to write at least 5 lines of code! And that's for every single query!
- Manual escaping of parameters going into the SQL query body is not even worth discussing. A good programmer is a lazy programmer. Everything should be automated as much as possible.
Inability to get the SQL query for debugging
- To understand why an SQL query doesn't work in your program, you need to debug it — find either a logical or syntactic error. To find the error, you need to "see" the actual SQL query that the database complained about, with parameters substituted into its body. That is, to have a fully formed SQL statement. If a developer uses PDO with prepared statements, this is... IMPOSSIBLE! No convenient mechanisms for this are PROVIDED in the native libraries. You're left with either workarounds or digging through the database log.

Solution: `krugozor/database` — a class for working with MySQL

Eliminates verbosity — instead of 3 or more lines of code to execute a single query when using the "native" library, you write just one.
Escapes all parameters going into the query body according to the specified placeholder type — reliable protection against SQL injections.
Does not replace the functionality of the "native" mysqli adapter, but simply complements it.
Extensible. Essentially, the library provides only a parser and SQL query execution with guaranteed protection against SQL injections. You can inherit from any library class and, using both library mechanisms and mysqli and mysqli_result mechanisms, create the methods you need.

What the `krugozor/database` library is NOT

Most wrappers for various database drivers are a pile of useless code with terrible architecture. Their authors, not understanding the practical purpose of their wrappers themselves, turn them into something like query builders (sql builder), ActiveRecord libraries, and other ORM solutions.

The krugozor/database library is none of these. It's just a convenient tool for working with regular SQL within the MySQL DBMS — and nothing more!

What are placeholders?

Placeholders — special typed markers that are written in the SQL query string instead of explicit values (query parameters). The values themselves are passed "later", as subsequent arguments to the main method that executes the SQL query:

SQL query parameters passed through the placeholder system are processed by special escaping mechanisms, depending on the placeholder type. This means you no longer need to wrap variables in escaping functions like mysqli_real_escape_string() or cast them to numeric types, as was done before:

Now writing queries has become easy, fast, and most importantly, the krugozor/database library completely prevents any possible SQL injections.

Introduction to the Placeholder System

The types of placeholders and their purposes are described below. Before getting acquainted with placeholder types, you need to understand how the library mechanism works.

The PHP Problem

PHP is a weakly typed language, and an ideological dilemma arose during the development of this library. Imagine we have a table with the following structure:

and the library MUST (for some reason, possibly beyond the developer's control) execute the following query:

In this example, there's an attempt to write a null value to the not null text field name, and a boolean false to the numeric field flag. What should we do in this situation?

Who should be responsible for validating query parameters — the client code or the library?
Should we interrupt program execution in this case, or perhaps apply some manipulations so that the data gets written to the database?
Can we treat the false value for the tinyint column as 0, and null as an empty string for the name column?
How can we simplify or standardize such issues in our code?

Given these questions, it was decided to implement two operating modes in this library.

Library Operating Modes

Mysql::MODE_STRICT — strict mode for matching placeholder type and argument type. In Mysql::MODE_STRICT mode, the argument type must match the placeholder type. For example, attempting to pass the value 55.5 or '55.5' as an argument for an integer placeholder ?i will result in an exception being thrown:

Mysql::MODE_TRANSFORM — mode for converting the argument to the placeholder type when the placeholder type and argument type don't match. The Mysql::MODE_TRANSFORM mode is set by default and is a "tolerant" mode — when the placeholder type and argument type don't match, it doesn't throw an exception, but tries to convert the argument to the required placeholder type using PHP itself. By the way, I, as the library author, always use this particular mode; I've never used strict mode (Mysql::MODE_STRICT) in real work, but perhaps you specifically will need it.

The following conversions are allowed in Mysql::MODE_TRANSFORM mode:

Converted to type int (placeholder ?i)
- floating-point numbers represented as either string or double type
- bool TRUE is converted to int(1), FALSE is converted to int(0)
- null is converted to int(0)
Converted to type double (placeholder ?d)
- integers represented as either string or int type
- bool TRUE is converted to float(1), FALSE is converted to float(0)
- null is converted to float(0)
Converted to type string (placeholder ?s)
- bool TRUE is converted to string(1) "1", FALSE is converted to string(1) "0". This behavior differs from casting bool to int in PHP, since often, in practice, boolean types are written to MySQL as numbers.
- numeric type values are converted to string according to PHP conversion rules
- null is converted to string(0) ""
Converted to type null (placeholder ?n)
- any arguments.
For arrays, objects, and resources, conversions are not allowed.