Back to Blog
Blog Post

Using PDO in PHP to Perform Various Database Operations

Learn how to use PHP Data Objects (PDO) for secure database operations, including prepared statements, error handling, and best practices for modern PHP applications.

2025-01-10
5 min read
Avinash Tirumala

Using PDO in PHP to Perform Various Database Operations

Table of Contents

  1. Introduction to PDO
  2. Connecting to a Database with PDO
  3. Preparing and Executing Queries with PDO
  4. Fetching Data from a Database with PDO
  5. Using Prepared Statements with PDO
  6. Using PDO with MySQLi and PostgreSQL
  7. Best Practices for Using PDO

Introduction to PDO

PDO (PHP Data Objects) is a database abstraction layer for PHP. It provides a way to interact with various databases, including MySQLi, PostgreSQL, and others, using a unified interface.

PDO is written in C++ and is designed to provide a platform-independent way of accessing databases. It's an extension of the PHP language and can be used with most web servers.

PDO is one of the most modern ways to get data from your database in PHP.

Connecting to a Database with PDO

To use PDO, you need to connect to your database. Here's an example of how you can do it:

// Connection settings
$host = 'localhost';
$dbname = 'mydatabase';

// Create a PDO object
$dsn = "mysql:host=$host;dbname=$dbname";
$options = [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
];
$pdo = new PDO($dsn, 'your_username', 'your_password');

In this example, we're connecting to a MySQL database on localhost with the username your_username and password your_password. The $dsn variable contains the DSN (Data Source Name) for our database connection, and the $options array sets the error mode to PDOException::ERRMODE_EXCEPTION, which means that any errors will be thrown as exceptions.

Preparing and Executing Queries with PDO

Preparing a statement involves creating a string that represents the SQL query you want to execute. Here's an example:

// Prepare a statement
$stmt = $pdo->prepare('SELECT * FROM users WHERE name = :name');

In this example, we're preparing a SQL query that selects all columns from the users table where the name column is equal to a value passed as a parameter.

To execute a prepared statement, you can use the execute() method:

// Execute the query with a parameter
$stmt->bindParam(':name', 'John Doe');
$stmt->execute();

In this example, we're setting a parameter named :name with the value 'John Doe', and then executing the query.

Fetching Data from a Database with PDO

Once you've executed a query, you can fetch the results using the fetchAll() method:

// Fetch all rows from a query
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

In this example, we're getting all rows from the query using the fetchAll() method, which returns an array of associative arrays.

Using Prepared Statements with PDO

Prepared statements are more secure than executing raw SQL queries, as they prevent SQL injection attacks. Here's an example of how to use prepared statements with PDO:

// Prepare a statement
$stmt = $pdo->prepare('SELECT * FROM users WHERE name = :name');
$statement = $stmt;

// Bind parameters to the statement
$statement->bindParam(':name', 'John Doe');

// Execute the query
$statement->execute();

In this example, we're preparing a SQL query with a parameter named :name, binding the value 'John Doe' to that parameter, and then executing the query.

Using PDO with MySQLi and PostgreSQL

PDO can work with other databases that support MySQLi or PostgreSQL as the underlying driver.

Here's an example of how to use PDO with MySQLi:

// Connection settings
$host = 'localhost';
$dbname = 'mydatabase';

// Create a PDO object with the MySQLi driver
$dsn = "mysql:host=$host;dbname=$dbname";
$options = [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
];
$pdo_mysql = new PDO($dsn, 'your_username', 'your_password');

And here's an example of how to use PDO with PostgreSQL:

// Connection settings
$host = 'localhost';
$dbname = 'mydatabase';

// Create a PDO object with the PostgreSQL driver
$dsn = "pgsql:host=$host;dbname=$dbname";
$options = [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
];
$pdo_postgresql = new PDO($dsn, 'your_username', 'your_password');

In these examples, we're connecting to a database using the MySQLi or PostgreSQL driver.

Best Practices for Using PDO

Here are some best practices to keep in mind when using PDO:

1. Use Prepared Statements

Using prepared statements prevents SQL injection attacks and makes your code more secure.

$stmt = $pdo->prepare('SELECT * FROM users WHERE name = :name');
$statement = $stmt;
$statement->bindParam(':name', 'John Doe');
$statement->execute();

2. Bind Parameters

Binding parameters to your prepared statements makes it easier to write secure code.

$stmt = $pdo->prepare('SELECT * FROM users WHERE name = :name');
$statement = $stmt;
$statement->bindParam(':name', 'John Doe');
$statement->execute();

3. Use Error Handling

Using error handling makes it easier to catch and handle errors that may occur during your database interactions.

try {
    // code that executes the database query
} catch (PDOException $e) {
    echo 'Error: '. $e->getMessage();
}

4. Use Transactions

Using transactions makes it easier to manage multiple database operations as a single, atomic unit.

$pdo->beginTransaction();

try {
    // code that executes the database query
} catch (PDOException $e) {
    echo 'Error: '. $e->getMessage();
}
$pdo->rollBack();

By following these best practices and using PDO effectively, you can build robust, scalable, and maintainable applications with ease.

Enjoyed this article?

If you found this post helpful, consider sharing it with your network or subscribing to my newsletter for more insights.

Read More ArticlesGet In Touch
Using PDO in PHP to Perform Various Database Operations - Avinash Tirumala | Avinash Tirumala