What best practices should be followed when creating a database connection class in PHP, considering error handling and security measures?

When creating a database connection class in PHP, it is important to implement proper error handling to catch any potential issues that may arise during the connection process. Additionally, security measures should be taken to prevent SQL injection attacks by using prepared statements and parameterized queries.

&lt;?php
class Database {
    private $host = &quot;localhost&quot;;
    private $username = &quot;username&quot;;
    private $password = &quot;password&quot;;
    private $dbname = &quot;database&quot;;

    public $conn;

    public function __construct() {
        try {
            $this-&gt;conn = new PDO(&quot;mysql:host=$this-&gt;host;dbname=$this-&gt;dbname&quot;, $this-&gt;username, $this-&gt;password);
            $this-&gt;conn-&gt;setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        } catch(PDOException $e) {
            echo &quot;Connection failed: &quot; . $e-&gt;getMessage();
        }
    }

    public function query($sql, $params = []) {
        $stmt = $this-&gt;conn-&gt;prepare($sql);
        $stmt-&gt;execute($params);
        return $stmt;
    }
}
?&gt;

Keywords

PDO MySQLi prepared statements exception handling SQL injection

What best practices should be followed when creating a database connection class in PHP, considering error handling and security measures?

Keywords

Related Questions