What are the potential pitfalls of directly using PDO in business logic?

Using PDO directly in business logic can lead to tightly coupling database operations with application logic, making it harder to maintain and test code. To solve this issue, it's recommended to separate database operations into a separate data access layer or repository pattern. This helps in keeping the business logic independent of the database implementation, improving code readability and maintainability.

// Example of separating database operations into a data access layer

class UserRepository {
    private $pdo;

    public function __construct(PDO $pdo) {
        $this-&gt;pdo = $pdo;
    }

    public function getUserById($userId) {
        $stmt = $this-&gt;pdo-&gt;prepare(&quot;SELECT * FROM users WHERE id = :id&quot;);
        $stmt-&gt;bindParam(&#039;:id&#039;, $userId);
        $stmt-&gt;execute();
        return $stmt-&gt;fetch(PDO::FETCH_ASSOC);
    }

    // Add more methods for other database operations
}

// Implementation in business logic
$pdo = new PDO(&#039;mysql:host=localhost;dbname=mydatabase&#039;, &#039;username&#039;, &#039;password&#039;);
$userRepository = new UserRepository($pdo);

$user = $userRepository-&gt;getUserById(1);

Keywords

PDO business logic security vulnerabilities SQL injection data validation

What are the potential pitfalls of directly using PDO in business logic?

Keywords

Related Questions