Wakati wa kufanya kazi na MySQL au database nyingine kwenye PHP, ni muhimu kutumia njia salama na ya kisasa ya kuunganishwa na database.
Njia bora zaidi kwa sasa ni kutumia PDO (PHP Data Objects).
PDO inakuwezesha:
Kuunganisha database kwa usalama.
Kutumia prepared statements (zinazozuia SQL Injection).
Kufanya kazi na database tofauti (MySQL, PostgreSQL, SQLite, n.k.) kwa urahisi.
βοΈ 2. Faida za Kutumia PDO
Faida Maelezo
π Usalama Inazuia SQL Injection kupitia prepared statements.
π Urahisi wa kubadilisha database Badilisha tu DSN string bila kuandika upya code yote.
βοΈ Error Handling nzuri Inaruhusu exceptions na error handling bora.
π‘ OOP Based Inatumia Object-Oriented Programming (modern PHP style).
𧩠3. Muundo wa PDO Connection
<?php
$dsn = "mysql:host=localhost;dbname=school_db;charset=utf8mb4";
$username = "root";
$password = "";
try {
$pdo = new PDO($dsn, $username, $password);
// Weka PDO Error Mode kuwa Exception
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo "β
Connection successful!";
} catch (PDOException $e) {
echo "β Connection failed: " . $e->getMessage();
}
?>
π‘ Maelezo:
$dsn = Data Source Name (inaonyesha aina ya database na jina la database).
setAttribute() = inatupa udhibiti wa jinsi PDO inavyoshughulikia makosa.
PDO::ERRMODE_EXCEPTION = inatupa makosa kama exceptions (rahisi kuyashughulikia).
π 4. Kutumia Prepared Statements (Kwa Usalama)
Prepared statements huzuia SQL Injection kwa kutenganisha data ya mtumiaji na query yenyewe.
<?php
$stmt = $pdo->prepare("SELECT * FROM users WHERE email = :email");
$stmt->execute(['email' => 'user@example.com']);
$user = $stmt->fetch();
if ($user) {
echo "User found: " . $user['name'];
} else {
echo "User not found.";
}
?>
π‘ Maelezo:
:email ni placeholder inayojazwa kwa usalama na thamani.
Hakuna uwezekano wa kudanganya query kwa kuweka code ya SQL kupitia input.
π§ 5. Kutumia INSERT na PDO
<?php
$stmt = $pdo->prepare("INSERT INTO students (name, class, age) VALUES (:name, :class, :age)");
$stmt->execute([
'name' => 'Mary Joseph',
'class' => 'Form Two',
'age' => 15
]);
echo "π Student added successfully!";
?>
β
Faida:
Data inaingizwa salama.
Hakuna SQL injection.
Rahisi kusoma na kudhibiti.
π 6. Kutumia UPDATE na DELETE
<?php
// UPDATE record
$stmt = $pdo->prepare("UPDATE students SET class = :class WHERE id = :id");
$stmt->execute(['class' => 'Form Three', 'id' => 1]);
// DELETE record
$stmt = $pdo->prepare("DELETE FROM students WHERE id = :id");
$stmt->execute(['id' => 2]);
echo "β
Update and Delete operations done successfully.";
?>
π 7. Kufanya Data Fetch kwa Njia Tofauti
PDO inakupa njia kadhaa za kupata data:
<?php
$stmt = $pdo->query("SELECT * FROM students");
// Fetch moja kwa moja
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
echo $row['name'] . " - " . $row['class'] . "<br>";
}
?>
Aina za Fetch Modes:
Mode Maelezo
PDO::FETCH_ASSOC Inarudisha array yenye majina ya columns tu.
PDO::FETCH_NUM Inarudisha array yenye index za namba.
PDO::FETCH_OBJ Inarudisha object (mfano: $row->name).
𧩠8. Kufunga Connection
PDO connection hufungwa kiotomatiki mwishoni mwa script, lakini unaweza kufunga kwa mkono:
$pdo = null;
π‘ 9. Vidokezo vya Usalama
Tumia prepared statements pekee.
Usiweke credentials (username/password) kwenye code waziwazi β tumia .env au config.php.
Tumia SSL unapounganisha database ya mtandao.
Epuka exec() na query() na data ya mtumiaji moja kwa moja.
Fanya error logging badala ya kuonyesha makosa kwa watumiaji.
𧩠10. Mfano wa Project Kamili (config + operations)
config.php
<?php
$dsn = "mysql:host=localhost;dbname=school_db;charset=utf8mb4";
$username = "root";
$password = "";
try {
$pdo = new PDO($dsn, $username, $password);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
die("Connection failed: " . $e->getMessage());
}
?>
add_student.php
<?php
include 'config.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$stmt = $pdo->prepare("INSERT INTO students (name, class) VALUES (:name, :class)");
$stmt->execute([
'name' => $_POST['name'],
'class' => $_POST['class']
]);
echo "π Student added successfully!";
}
?>
<form method="POST">
<input type="text" name="name" placeholder="Enter name" required>
<input type="text" name="class" placeholder="Enter class" required>
<button type="submit">Add Student</button>
</form>
β‘οΈ Mfumo huu ni salama, unaotumia PDO, na unaruhusu kuongeza wanafunzi kwa usahihi.
β
Hitimisho
PDO ni teknolojia ya kisasa, salama, na rahisi kwa kudhibiti database connections kwenye PHP.
Kwa kutumia PDO:
Unaepuka SQL Injection.
Unapata error handling bora.
Unaunda mfumo unaoweza kupanuka (scalable).
π Tembelea:
π https://www.faulink.com/
kwa mafunzo zaidi ya PHP, MySQL, na Web Development ya kisasa.