PHP classes Best Practise

kmstr
Forum Newbie
Posts: 1
Joined: Wed Aug 22, 2012 1:48 am

Post by kmstr

Hi guys!

I've been designing quite low-usage websites, but now I've been given the task of designing a website service with potentially higher usage. I'm not so familiar with object-oriented PHP programming, so I'd like to ask a simple best-practice question. It's more of a theoretical question.

I have written some PHP class libraries for my use. For example, I have one for login management, one for MySQL handling etc. etc. Now I have used this kind of approach, and I'm wondering if it's totally wrong when it comes to performance or security.

Example scenario:

Code:

class MySQL {
    public function __construct(/* ... */) {
        // ...
    }

    function connect() {
        // ...
    }

    function select_db() {
        // ...
    }

    function query($qry) {
        // ...
    }
}

Code:

class other {
    // Injected MySQL wrapper object
    private $mysql;

    public function __construct(/* ..., */ $dbconn) {
        $this->mysql = $dbconn;
    }

    function do_some_magic() {
        $this->mysql->query("TRUNCATE DATABASE xxx");
        // ...
    }
}

Code:

<?php

require_once 'inc/class.user.php';
require_once 'inc/class.other.php';

$mysql = new MySQL(/* ... */);

$mysql->connect();
$mysql->select_db();

// Pass the shared connection object into the class that needs it
$other = new other($mysql);

$other->do_some_magic();

Any comments, links, book titles that could help me, are more than welcome!
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: PHP classes Best Practise

Post by Christopher

kmstr wrote: and I'm wondering if it's totally wrong when it comes to performance or security.

Those classes look very standard for PHP and are a fine design. The fact that you are injecting your DB object into your other classes is a best practice.

However, for security you should use PDO and prepared statements to reduce SQL attacks. And you should filter and validate all values from outside the program that are to be used in SQL (or displayed as output).
(#10850)
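
The advice in the reply above (inject the DB object, use PDO with prepared statements, validate input and escape output), as an added example that is not part of any post in this thread. The UserRepository class, the users table and the in-memory SQLite database (needs the pdo_sqlite extension) are assumptions made so the code runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical class for this example: it receives its PDO handle through
// the constructor (the injection pattern from the thread) and sends every
// outside value to the database as a bound parameter, never as SQL text.
final class UserRepository
{
    private PDO $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
    }

    public function add(string $name, string $bio): void
    {
        // Validate before use (assumed rule: name is 1-64 bytes long).
        if ($name === '' || strlen($name) > 64) {
            throw new InvalidArgumentException('name must be 1-64 bytes');
        }
        $stmt = $this->db->prepare('INSERT INTO users (name, bio) VALUES (:name, :bio)');
        $stmt->execute([':name' => $name, ':bio' => $bio]);
    }

    public function findByName(string $name): ?array
    {
        $stmt = $this->db->prepare('SELECT name, bio FROM users WHERE name = :name');
        $stmt->execute([':name' => $name]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    }
}

// Constructed demo: an in-memory SQLite database stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, bio TEXT)');

$users = new UserRepository($pdo);
$users->add("O'Brien", '<b>hello</b>');   // constructed sample values

// A quote inside a bound value is data: each lookup below is an exact
// match on the whole string, whatever SQL-like text it contains.
var_dump($users->findByName("O'Brien") !== null);
var_dump($users->findByName("x' OR '1'='1"));

// Values read back are still untrusted when displayed: escape on output.
echo htmlspecialchars($users->findByName("O'Brien")['bio'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
```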
kon
Forum Newbie
Posts: 19
Joined: Sat Mar 03, 2012 5:43 am

Re: PHP classes Best Practise

Post by kon

You are doing great for beginning with OOP in PHP. There are a few things, from what you wrote, that I believe will make your life easier. First of all, you must have naming conventions; even if you don't like anyone else's conventions, you should create your own. For me, I chose to follow my logic, which happened to be close to the Zend naming conventions, e.g. class Model_User_Object means that it is in the path Model/User/Object.php. Also, any abstract class ends with the word Abstract, and the same with interfaces. Having said that, I will go to my second point: PHP has a very good feature, autoload (or spl_autoload_register these days). If you stick to naming conventions that make sense, then you don't have to use require or include again. Finally, from what you wrote, PHP has a great OOP database interface, PDO. Of course, you will probably need to create your own DB object out of it, in order to extend it or make some things easier for you, so your DB object could just extend PDO.