How can PDO be utilized to improve security and efficiency in PHP database operations?
Using PDO in PHP for database operations can improve security by preventing SQL injection attacks and improve efficiency by allowing for reusable prepared statements. By using PDO, developers can bind parameters to queries, which helps sanitize user input and prevent malicious SQL queries. Additionally, PDO supports multiple database drivers, making it easier to switch between different databases without changing the code significantly.
// Connect to the database using PDO
$dsn = 'mysql:host=localhost;dbname=mydatabase';
$username = 'username';
$password = 'password';
try {
$pdo = new PDO($dsn, $username, $password);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
echo 'Connection failed: ' . $e->getMessage();
}
// Prepare and execute a query using PDO prepared statements
$stmt = $pdo->prepare('SELECT * FROM users WHERE username = :username');
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->execute();
// Fetch results
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);