
What is a known and commonly used database abstraction layer in PHP which can wrap SQL code in classes and prevent SQL injections?

I found tons of articles on how to prevent SQL injections, but not one giving any practical DAO implementation to use.

I have therefore tried following this tutorial, http://chocotech.blogspot.it/2012/12/php-mysql-dao-example.html, in which a DAO wrapper class is created which can be extended, creating self-contained SQL functions.

At one point however the following class is included:

http://www.phpkode.com/source/s/mysql-abstraction-pro/mysql-abstraction-pro/database.class.php

This MySQL abstraction layer was written by Joey Adams and is open source; however, it dates back to 2006 and now works, but with tons of warnings. Is there something more recent to use instead of it?

dendini
  • If you are looking for abstraction to manage the database connection, with support for parameterized queries, [use PDO](http://www.php.net/manual/en/book.pdo.php). If you need something more like an ORM, there are other solutions to work in conjunction with it. – Michael Berkowski Jan 17 '14 at 14:54
  • Standard advice around here is [How can I prevent SQL injection in PHP](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php), with PDO examples for prepared statements. – Michael Berkowski Jan 17 '14 at 14:55
  • Hey, you shared my blog Chocotech's link :) That example in my blog was very helpful in my project. However, a DAO framework is not recommended in PHP anymore. I think you should use a Data Access Layer like Doctrine. – svlzx Mar 25 '14 at 22:52
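
The PDO approach recommended in the comments, sketched as a small DAO. This is an added example, not code from the question, the linked tutorial, or the commenters. It assumes PHP 8 with the `pdo_sqlite` extension; the `UserDao` class, the `users` table and its columns are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical DAO for illustration; table and column names are assumptions.
final class UserDao
{
    // Identifiers cannot be bound as parameters, so sort columns are allowlisted.
    private const SORTABLE = ['id', 'name', 'email'];

    public function __construct(private PDO $pdo) {}

    public function insert(string $name, string $email): int
    {
        $stmt = $this->pdo->prepare(
            'INSERT INTO users (name, email) VALUES (:name, :email)');
        $stmt->execute([':name' => $name, ':email' => $email]);
        return (int) $this->pdo->lastInsertId();
    }

    public function findByName(string $name, string $orderBy = 'id'): array
    {
        if (!in_array($orderBy, self::SORTABLE, true)) {
            throw new InvalidArgumentException('Unsupported sort column');
        }
        $stmt = $this->pdo->prepare(
            "SELECT id, name, email FROM users WHERE name = :name ORDER BY $orderBy"
        );
        $stmt->execute([':name' => $name]);   // value is bound, never concatenated
        return $stmt->fetchAll();
    }
}

// In-memory SQLite keeps the example offline. For MySQL, use a 'mysql:' DSN
// and also set PDO::ATTR_EMULATE_PREPARES => false for native prepares.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

$dao = new UserDao($pdo);
$dao->insert('alice', 'alice@example.test');   // constructed sample data
$dao->insert('bob', 'bob@example.test');

// The bound value is compared as a literal string, so the quote characters
// in the first lookup do not alter the query.
var_dump(count($dao->findByName("alice' OR '1'='1")));
var_dump(count($dao->findByName('alice')));
```

Only values go through placeholders; anything that must be an identifier, such as the `ORDER BY` column here, has to be validated against a fixed list because it cannot be bound.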

0 Answers