2

I'm in a situation where I need to use MYSQL's LAST_INSERT_ID(), which is obviously only possible when maintaining the same connection. But as I was thinking about the way I establish my PDO connections, it occurred to me that I am probably going to run into problems.

I've got a database class with various types of connections. Inside this class, I've created different PDO connection methods based on user permissions which I call inside the PDO query methods like so...

class dbFunctions {

    private $userSelect = "userSelect";
    private $passSelect = "XXXXX";
    private $userDelete = "userDelete";
    private $passDelete = "XXXXX";

    protected function connectSelect() {
        $dsn = $this->dsn();
        $this->pdo = new PDO($dsn, $this->userSelect, $this->passSelect, $this->options);

        return $this->pdo;
    }

    protected function connectDelete() {
        $dsn = $this->dsn();
        $this->pdo = new PDO($dsn, $this->userDelete, $this->passDelete, $this->options);

        return $this->pdo;
    }

    public function selectCount($query, $values = []) {

        $result = $this->connectSelect()->prepare($query);
        $result->execute($values);
        $exec = $result->fetch();

        $count = (int)$exec['total'];

        return $count;
    }
}

My questions are...

  • Am I better off creating one global connection object with the same account/password for all queries? I did it this way for security purposes but I believe it may have drawbacks.
  • Even though these are different PDO connection objects, is PHP able to determine they are part of the same session within the same script? In which case the separate methods will be ok.
  • How can I keep separate mysql users with my current class?

Obviously I can test this on my own, but I'm unsure what the results will be when I get multiple users accessing the site.

EternalHour
  • 8,308
  • 6
  • 38
  • 57
  • 3
    you should definitely not create one PDO instance for each select query of an web app, or did I misunderstood? – Félix Adriyel Gagnon-Grenier Mar 26 '15 at 22:17
  • So I'm better off using a construct? – EternalHour Mar 26 '15 at 22:19
  • 1
    I've marked this as a duplicate, not because it is the same question but because the answer(s) in the other question should answer this. – Phil Mar 26 '15 at 22:32
  • @Phil - It should be obvious that these questions have nothing in common after having changed the title and question. The answer is different than any others in the other question. It became clear to me that I was asking the wrong question. – EternalHour Mar 26 '15 at 23:11
  • 1
    @EternalHour thanks for updating. I've removed the dupe – Phil Mar 26 '15 at 23:18

2 Answers2

0

The best is to have only one DB connection per page. Maybe by using a singleton.

First for performance, because a connection have a cost.

In my opinion, there isn't any security issue.

bigben3333
  • 435
  • 2
  • 9
  • It makes sense, but is it not considered the same connection since I am only creating one class instance and then calling different methods within that instance? – EternalHour Mar 26 '15 at 22:22
  • if you instanciate your connection in the consctructor, and use it all time you need it, what's the problem ? – bigben3333 Mar 26 '15 at 22:31
0
  • Am I better off creating one global connection object with the same account/password for all queries? I did it this way for security purposes but I believe it may have drawbacks.

I'm no security expert. I think that if I can manage mysql users and permissions in a way that only some human accounts can delete stuff, that's some kind of security. I also think this has many complex ramifications. On the other hand, people can update to a blank string if need be...

  • Even though these are different PDO connection objects, is PHP able to determine they are part of the same session within the same script? In which case the separate methods will be ok.

PHP objects do not seem to be persistent. We can serialize them and use __sleep() to manage their storage.

It [sleep] can clean up the object and is supposed to return an array with the names of all variables of that object that should be serialized.

this part might interest you:

The intended use of __wakeup() is to reestablish any database connections that may have been lost during serialization and perform other reinitialization tasks.

  • How can I keep separate mysql users with my current class?

With the same pattern, but make sure not to create pdo instances for each select or delete query. I tweaked it a bit to reuse the same function for both connections. Adding more is as easy as... naming new class members.

class dbFunctions {

    // other members

    // add these
    private $instanceSelect = null; // they default to null anyway
    private $instanceDelete = null;
    private $instanceFoosball = null;

    protected function connect($what) {
        if ($this->{"instance".$what} === null) { // true the first time
            $this->{"instance".$what} = new PDO($this->dsn(), $this->{"user".$what}, $this->{"pass".$what}, $this->options);
        }
        return $this->{"instance".$what}; // always reused
    }

    public function selectCount($query, $values = []) {}
}

$result = $this->connect('Select')->prepare($query);
$result = $this->connect('Foosball')->prepare($query);
Félix Adriyel Gagnon-Grenier
  • 8,422
  • 10
  • 52
  • 65
  • 1
    Thanks for the explanation, I'm glad I only need to make a small modification. I do understand that a new connection is being generated each time with the code in the question which is why I was trying to find the proper way to use different users. – EternalHour Mar 26 '15 at 22:29
  • My pleasure and sorry about the wording, I did not mean to condescend. – Félix Adriyel Gagnon-Grenier Mar 26 '15 at 22:32
  • I'm having trouble understanding how your suggestion works. If you set all the values initially to null, then use it for a condition, it will always be true? – EternalHour Mar 26 '15 at 22:34
  • The first time it will be true, so it is then assigned a PDO instance. The second time the function is executed, *the property is still your PDO instance*, the condition evaluates as false and the existing PDO instance is returned – Félix Adriyel Gagnon-Grenier Mar 26 '15 at 22:36
  • 1
    I see what your saying, I didn't even notice you assigned a variable to the connection object rather than just returning it as I was doing :D – EternalHour Mar 26 '15 at 22:47