best way to update mysql database 2

[rogerte]

Relatively new to PHP (and now retired so teaching myself as I go)

I am trying to go down the PDO route, as I think it is more secure than mysqli.

I have been looking at example code and when it comes to form actions (ie. loading data from table, updating table or deleting rows) some examples have all the PHP code on the same page as the form, and some examples have some of the code, usually the form loading, on the same page, but the POST action as a separate PHP page.

My question is: 1) which is the best way to go, all on one page, or call separate page, and 2) why?

Cheers

 

[spamjim]

PHP is similar to JS and CSS in that it can appear mixed with HTML or be called externally. The reasons for separating ("require" or "include" PHP externally) are the same. The idea is to segment out code that can be reused elsewhere.

If the only PHP on your site is to process a contact form on a single page, you could use inline PHP. If you're developing a site with user authentication and a shopping cart, you'll likely want to call some external, repeatable PHP functions.

It is also possible to have inline and external PHP within the same web page.

 

[Olaf Doschke]

spamjums answer is good enough.

Just let me add:
1. This (whether to use PHP within one or two pages/script) has nothing to do with MySQL
2. Any PHP - included/required or embedded within the HTML is not getting to the client, PHP always is executed server side, so there is no security issue about where the PHP is, it's all just the organizational level of how you maintain your source code.

You would need a very badly configured web server not executing PHP but simply returning it just like static HTML or TXT files.

It's also wrong PDO is more secure than MySQLi. MySQLi is just limited to MySQL while PDO allows usage of any ODBC driver applicable to PHP. Notice: PDO can't just use any ODBC driver. For example, Microsoft needed to create specific PHP friendly MSSQL ODBC drivers to be usable by PDO. MySQLi has some advantages of being deeper and more directly involved with MySQL, so if you don't plan to use other databases you can also use MySQLi, ideally in its OOP interface and not the procedural MySQLi functions.

PDOs advantage to be able to switch databases also isn't very strong, as different databases have different types and SQL dialects, the simple way to switch the backend technology just by changing the connection parameters is something, which most of the time is only a theoretical option and stays impractical. One main thought: Any database has very specific strengths, which typically go into the regime of the SQL dialect only working with it and no other database. If you don't make use of these strengths because you want to stay compatible and be able to switch to a more powerful flagship database later, you make this a self-fulfilling prophecy.

The only real good cause for PDO is if you want to use a database different from MySQL to start with and ideally to stay there.

Bye, Olaf.

Olaf Doschke Software Engineering

https://www.doschke.name

 

[rogerte]

Thanks for the replies.

Great explanations.