Diciamo che ho una classe Db [db.php]:
<?php
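/**
 * Holds the PDO connection settings for one environment and opens the
 * connection on request.
 *
 * Review notes:
 * - The credentials below are hard-coded placeholders. Real values kept in
 *   the class file end up in version control and in every backup of the
 *   code tree; load them from the environment or from a configuration file
 *   stored outside the web root instead.
 * - dbConnect() reports failures by e-mail. The PDO error text can name the
 *   database host and account, so the recipient mailbox must be trusted and
 *   the message must never be shown to the client.
 */
class Db
{
    // DSN credentials
    private $db_driver = '';
    private $db_dhost = '';
    private $db_dname = '';
    private $db_uname = '';
    private $db_pword = '';
    // timezone
    private $db_tzone = '';
    // error reporting
    private $db_email = '';
    private $db_headr = '';
    private $db_ecode = 0;
    private $db_emess = '';
    // connection state
    private $bConnected = false;
    private $conn = null;

    /**
     * @param string $my_env Environment letter:
     *                       d = development, t = testing, p = production, s = sandbox.
     */
    public function __construct($my_env)
    {
        // Only used by the environment-variable lookup kept below for reference.
        $my_letter = strtoupper($my_env);

        $this->db_driver = 'mysql';
        $this->db_dhost = '...';
        $this->db_dname = '...';
        $this->db_uname = '...';
        $this->db_pword = '...';
        $this->db_tzone = 'America/Los_Angeles';
        $this->db_email = '[email protected]';
        $this->db_headr = 'From: [email protected]';

        // set db type, host and db credentials from $_SERVER environment variables
        // NOTE(review): FILTER_SANITIZE_URL removes characters outside its allowed
        // URL set (spaces, non-ASCII, ...), so a password containing them would be
        // silently altered and the login would fail. Read secrets unfiltered and
        // validate the environment letter against d/t/p/s before building the name.
        // $this->db_driver = filter_input(INPUT_SERVER, 'DB_' . $my_letter . '_DRIVER', FILTER_SANITIZE_URL);
        // $this->db_dhost = filter_input(INPUT_SERVER, 'DB_' . $my_letter . '_DHOST', FILTER_SANITIZE_URL);
        // $this->db_dname = filter_input(INPUT_SERVER, 'DB_' . $my_letter . '_DNAME', FILTER_SANITIZE_URL);
        // $this->db_uname = filter_input(INPUT_SERVER, 'DB_' . $my_letter . '_UNAME', FILTER_SANITIZE_URL);
        // $this->db_pword = filter_input(INPUT_SERVER, 'DB_' . $my_letter . '_PWORD', FILTER_SANITIZE_URL);
    }

    /**
     * Opens the PDO connection with the stored settings.
     *
     * On failure the error code and message are stored on the instance and
     * mailed to the configured address; no exception reaches the caller.
     *
     * @return array array($conn, $bConnected): the PDO handle (null on failure)
     *               and a boolean telling whether the connection succeeded.
     */
    public function dbConnect()
    {
        // start from a clean state
        $this->conn = null;
        $this->bConnected = false;

        try {
            // Set default timezone
            date_default_timezone_set($this->db_tzone);

            // Native prepared statements, exceptions on error, and utf8mb4
            // negotiated at connect time. PDO::MYSQL_ATTR_INIT_COMMAND is the
            // named form of option 1002, so the numeric duplicate is dropped.
            $db_options = array(
                PDO::ATTR_EMULATE_PREPARES => false,
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_TIMEOUT => 150,
                PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8mb4',
            );

            // The driver must come from the instance property; the bare
            // $db_driver variable does not exist in this scope.
            $dsn = $this->db_driver
                . ':host=' . $this->db_dhost
                . ';dbname=' . $this->db_dname
                . ';charset=utf8mb4';

            $this->conn = new PDO($dsn, $this->db_uname, $this->db_pword, $db_options);

            // No "set names utf8" afterwards: it would switch the session back
            // to the 3-byte charset, contradicting the DSN and the init command,
            // which already cover PHP versions that ignore the DSN charset.
            $this->bConnected = true;
        } catch (PDOException $de) {
            // keep the error details on the instance
            $this->db_ecode = $de->getCode();
            $this->db_emess = $de->getMessage();
            $body = '[' . $this->db_ecode . '] [' . $this->db_emess . ']';

            // send error to admin; fall back to the server log (code only)
            // when the mail cannot be handed over for delivery
            if (!mail($this->db_email, "Database Connection Error", $body, $this->db_headr)) {
                error_log('Database connection error [' . $this->db_ecode . ']');
            }

            $this->conn = null;
            $this->bConnected = false;
        }

        return array($this->conn, $this->bConnected);
    }
}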
?>
Per creare un'istanza, sto usando qualcosa di simile a:
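// Load the class definition; require_once stops the script when db.php is
// missing instead of failing later on an undefined class.
require_once 'db.php';
// use development db
$instance = new Db('d');
// capture result of attempt: the connection handle and a success flag
list($conn, $bConnected) = $instance->dbConnect();
// strict comparison: only a real boolean true counts as connected
if ($bConnected === true) {
// perform crud
$conn = ...
}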
Le mie domande sono queste:
(a) c'è un modo migliore per astrarre le credenziali di connessione del DSN, diverso dalle variabili $_SERVER?
(b) posso migliorare questo codice di esempio, per renderlo più sicuro?
(c) dovrei implementare codice di pulizia come ...
$conn = null;
o ...
unset($conn);
se non si verificano eccezioni? E infine ...
(d) ho trascurato qualcosa di palesemente ovvio?