PHP 5 + MySQL 5 = A Perfect 10

1. PHP 5 + MySQL 5 A Perfect 10

i is for improved!

All new MySQL extension for PHP 5

Result of

New binary client protocol in MySQL 4.1

Oldmysqlextension showing age

Biggest change is that database handle is now mandatory and is the first argument

$db = mysqli_connect($server, $user, $password, "users");

$r = mysqli_query($db, "SELECT user FROM users");

while ($row = mysqli_fetch_assoc($r)) {

print $row['user'];

mysqli_free_result($r);

mysqli_close($db);

Create a MySQL object!

No real advantages over the procedural interface, except that objects are inherently cooler than functions.

Actually, there are a few neat things you can do by subclassing:

Create specialized classes

Redefine methods

$db = new mysqli($server, $user, $password, "users");

$r = $db->query("SELECT user FROM users");

while ($row = $r->fetch_assoc()) {

print $row['user'];

$r->free_result();

unset($db);

Define a query template

Faster for MySQL to execute

Send less data

Defense against SQL injection attacks

$db = mysqli_connect($server, $user, $password, 'stocks');

$sql = 'SELECT price FROM stocks

WHERE ticker = ?';

$stmt = mysqli_stmt_init($db);

if (mysqli_stmt_prepare($stmt, $sql)) {

// More to come

Map PHP variables with MySQL fields

Works with stored procedures

Can bind for both input and output

Watch your variable scope

$ticker = 'EBAY';

if (mysqli_stmt_prepare($stmt, $sql)) {

mysqli_stmt_bind_param($stmt, 's',

$ticker);

mysqli_stmt_bind_result($stmt, $price);

mysqli_stmt_execute($stmt);

print "$ticker trades at $price ";

EBAY trades at 75.01

$ticker = 'EBAY';

$stmt = $db->stmt_init();

if ($stmt->prepare($sql)) {

$stmt->bind_param('s', $ticker);

$stmt->bind_result($price);

$stmt->execute();

print "$ticker trades at $price ";

EBAY trades at 75.01

Encrypt the connection between PHP and MySQL

Slows things down

Useful when you dont control the path between the client application and MySQL

Somewhat painful to set up if youre an SSL novice

$db = mysqli_init();

mysqli_ssl_set($db,

'/usr/local/mysql/server-key.pem', '/usr/local/mysql/server-cert.pem', '/usr/local/mysql/cacert.pem',

NULL);

mysqli_real_connect($db, 'external.example.org', 'ssl-user', 'password', 'database');

$db = mysqli_init();

mysqli_options($db, MYSQLI_READ_DEFAULT_FILE, '/etc/my.cnf');

mysqli_real_connect($db, 'external.example.org', 'ssl-user', 'password', 'database');

Send multiple SQL queries all at once

Super useful forphpMyAdmin

Increases the danger of SQL injection attacks

Requires special set of functions

Forcibly disabled inmysqli_query()

More work to iterate; made easier by using anIterator

if (mysqli_multi_query($db, $query)) {

if ($r = mysqli_store_result($db)) {

while ($row = mysqli_fetch_row($r)) {

print "$row[0] ";

mysqli_free_result($result);

} while (mysqli_next_result($db));

$it = new MySQLiQueryIterator($db,

$query);

foreach ($it as $r) {

if ($r) {

while ($row = mysqli_fetch_row($r)) {

print "$row[0] ";

New in MySQL 4.1

Run a query within a query

Makes it faster and easier to filter data

Places work inside MySQL instead of PHP

Could often by worked around using a self-join, but not always

Know what your query will return

One row ( = ) or many ( IN() )?

mysql>SELECT speaker

FROM speakers

WHERE topic =

(SELECT topic

FROM speakers

WHERE speaker = 'Adam

Trachtenberg');

Better hope Im not talking on multiple subjects

mysql>SELECT speaker

FROM speakers

WHERE topicIN

(SELECT topic

FROM speakers

WHERE speaker = 'Adam

Trachtenberg');

New in MySQL 4.1

Store data using different character sets

Collate data using different character sets

Important when

You want a case-insensitive sort

Different cultures place the same letter in different positions in their alphabets

What to do with

Four records

Muffler

MX Systems

mysql>SELECT X FROM T ORDER BY X COLLATEcollation_name ;

New in MySQL 5.0

Sequence of SQL statements stored on your MySQL server

Make request with set of parameters, get back chunk of relatively complete data

Works regardless of client language

Speedier than even prepared statements

More secure (can wall off access to tables except through pre-defined procedures)

A work in progress

mysql>

CREATE PRODCEDURE getNumberOfSpeakers

(OUT n INT)

SELECT COUNT(*) INTO n FROM speakers;

mysql> CALL getNumberOfSpeakers(@number);

mysql> SELECT @number;

New in MySQL 5.0

CURrent Set of RecordsS

Lets you refer to the results of a SELECT statement on the server

Works within stored procedures and functions

Still fairly limited. Just a test.

mysql> DECLARE speakers CURSOR FOR SELECT speaker, topic FROM speakers;

mysql> OPEN speakers;

mysql> FETCH speakers INTO s, t;

mysql> CLOSE speakers;

New in MySQL 5.0

Let you create a virtual table based on SQL queries

CREATE VIEW view AS SELECT ...

SELECTstatement can includeJOIN s

You can now refer to view as if it was a real table:SELECT * FROM view WHERE ...

Changing rows in the view alters the data back in the original table.

NIGEL:What we do is if we need that extra...push over the cliff...you know what we do?

MARTY:Put it up to eleven.

NIGEL:Eleven. Exactly. One louder.

MARTY:Why don't you just make ten louder and make ten be the top... number...and make that a little louder?

NIGEL: ...these go to eleven.

PHP 5, MySQL 4.0, and 4.1

Newmysqliextension

Everything covered here, but in greater detail. (Except 5.0)

How to migrate

From PHP 4 / mysql / MySQL 4.0

To PHP 5 / mysqli / MySQL 4.1

PHP 5 + MySQL 5 = A Perfect 10

Documents

Transcript of PHP 5 + MySQL 5 = A Perfect 10