1

I'm planning to use a PHP PDO wrapper class from here: http://www.imavex.com/php-pdo-wrapper-class/

I initialized the class with:
$db = new db("mysql:host=$sitedbHost;port=3306;dbname=$sitedbName", "$sitedbUser", "$sitedbPass");

The problem is that I don't like the idea of declaring global $db in every function of my other classes, like this:

class User
{
    function getUserDomains($user_id)
    {
        global $db;
        return $db->select("domains");
    }
}

Any help will be highly appreciated.

Funk Forty Niner
Milen Mihalev

3 Answers

2

If your class requires it in order to work, you can inject it in the constructor:

class User {

    // Database handle injected through the constructor
    private $db;

    public function __construct(Database $db) {
        $this->db = $db;
    }

}

You can then access the database object from $this->db. (Note, I assumed $db is an instance of the Database class. Change it as appropriate).

Madara's Ghost
-1

Here is something for you:

Check new PDO Class Wrapper on GitHub

Nono
-3

> I don't like the idea to make global $db on every function on my other classes

Well, make it global in the constructor only (or pass it as a parameter), and then use it as a class variable:

return $this->db->select("domains");

Honestly, you can't avoid passing $db to the function somehow. There is no magic. Whatever fashionable way you choose, you'll end up with setting your $db variable this way or another, no matter how it's called, "dependence injection", "global" or "use the Force, Luke".

I'd vote for global as it's plain and simple.

By the way, this framework is inflexible and insecure. Better use safeMysql as it's way more secure and flexible.

Your Common Sense
  • 5
    -1 just for that last line. Sorry, `global` is not plain, not simple. – Madara's Ghost Apr 12 '13 at 14:49
  • Insecure? Why do you think that it's insecure? – Milen Mihalev Apr 12 '13 at 14:55
  • @МиленМихалев it doesn't protect your identifiers, for example (table and field names). It's inflexible too. Do you use the IN() operator in your queries? – Your Common Sense Apr 12 '13 at 14:56
  • @Your Common Sense this safeMysql class is made by you? So... if I use this class there will be no need to escape, sanitize strings, etc. because of the placeholders, and it will protect the queries against SQL attacks? – Milen Mihalev Apr 12 '13 at 21:38
  • @МиленМихалев yes. It does proper formatting for all possible data types, not only strings and numbers like PDO. And thus makes a query fully protected. There are many other benefits too. I'd be glad to have any feedback from you if you decide to try it. – Your Common Sense Apr 13 '13 at 04:45
  • @МиленМихалев strictly speaking, in the case of PDO you don't need to escape or sanitize strings either. The only difference is that PDO doesn't have placeholders for the complex types such as arrays for SET, IN and identifiers. – Your Common Sense Apr 13 '13 at 04:48
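
Added example, not part of the original thread: constructor injection as in the first answer, combined with the point from the comments above that PDO has no placeholders for identifiers or IN() lists. The class name, the column names and the in-memory SQLite database are assumptions made for the demo (it needs the pdo_sqlite extension).

```php
<?php
declare(strict_types=1);

// Hypothetical repository class; only the "domains" table name comes from the question.
final class DomainRepository
{
    // Identifiers cannot be bound as parameters, so only these may reach the SQL text.
    private const SORTABLE = ['id', 'name', 'user_id'];

    private PDO $db;

    public function __construct(PDO $db)   // injected once, no `global $db`
    {
        $this->db = $db;
    }

    /** @param int[] $userIds */
    public function forUsers(array $userIds, string $orderBy = 'id'): array
    {
        if (!in_array($orderBy, self::SORTABLE, true)) {
            throw new InvalidArgumentException('Unknown sort column');
        }
        if ($userIds === []) {
            return [];                      // "IN ()" would be a syntax error
        }
        // One positional placeholder per value, e.g. "?,?,?"
        $marks = implode(',', array_fill(0, count($userIds), '?'));
        $stmt = $this->db->prepare(
            "SELECT id, user_id, name FROM domains WHERE user_id IN ($marks) ORDER BY $orderBy"
        );
        $stmt->execute(array_values($userIds));
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

// Constructed demo data in an in-memory database so the block runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE domains (id INTEGER PRIMARY KEY, user_id INTEGER, name TEXT)');
$pdo->exec("INSERT INTO domains (user_id, name) VALUES (1,'b.example'),(2,'c.example'),(3,'a.example')");

$repo = new DomainRepository($pdo);
print_r($repo->forUsers([1, 3], 'name'));   // rows for users 3 and 1, sorted by name

try {
    $repo->forUsers([1], 'name, (SELECT 1)');   // not on the allow-list, rejected before any SQL is built
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```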