I have been programming PHP for quite some time now. But unfortunately I lack a profound understanding of a few things, and I'm trying to make up for that.
I have asked a few specific questions like how to do this, how to do that, and always focused on achieving things with code rather than just learning for deeper understanding. So this is the first time I ask such an "open" question like this.
I'm planning to create an OOP system with PHP. I'm trying to put everything I have learned thus far into this system. Using the best practices and skills I have acquired up until this moment. The point I'm looking to learn more about is my system Mysqli DB handler.
Rather than just ask questions I will also try answer them myself, so maybe you are kind enough to give me feedback on my way of thinking or confirm the information I have gathered from different resources before asking here.
My first question is why do I need a DB handler class?
So far, I have been calling normal (raw) mysqli statements in my Models (classes) without the need of a handler. But I have seen many systems using a DB handler class. My conclusion is, it saves time. You can write and manipulate MySQL statements quicker than writing them as raw. Is this the only advantage? Another advantage I might think of is safety. I can validate the parameters in my Handler class, and since the validation happens in one place it's safer than having to validate parameters in multiple places, increasing the chance of forgetting to validate a parameter or such...
My second question is, what exactly is preparing a MySQL statement, and how does it eliminate the risk of MySQL injection? (What is special about its working that is different from writing the parameter right into the raw query?)
My third question is, is PDO required to parameterize queries? A friend of mine told me I must install the PDO driver if I want to prepare statements properly. But after some research, I saw that mysqli has the same ability to prepare and bind parameters to the statements. Is there credibility to his claim?
My 4th question is, according to your experience, can you suggest a good mysqli DB handler library that is open to be shared and used in my project, and that I can also learn from?
I know I have asked many questions, and I REALLY appreciate your time and reply in advance!
Thank you very much.
ShadyAF
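Added here as an illustration of the second and third questions, not code from the question or from any existing library: a minimal mysqli handler whose only query path is `prepare()` plus `bind_param()`, so the SQL text (with `?` placeholders) and the parameter values reach the server as separate things. The host, credentials, database and `users` table are placeholders, and `get_result()` assumes the mysqlnd driver.

```php
<?php
// Added example: a small mysqli handler that only ever runs prepared statements,
// so user-supplied values are bound as typed data and are never spliced into SQL.
// Credentials and the `users` table are placeholders, not real values.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // turn mysqli errors into exceptions

final class DbHandler
{
    private mysqli $conn;

    public function __construct(string $host, string $user, string $pass, string $db)
    {
        $this->conn = new mysqli($host, $user, $pass, $db);
        $this->conn->set_charset('utf8mb4'); // charset agreed with the server before any query
    }

    /** Run a parameterised query and return all rows as associative arrays. */
    public function select(string $sql, array $params = []): array
    {
        // The server parses the statement with `?` placeholders first...
        $stmt = $this->conn->prepare($sql);
        if ($params !== []) {
            // ...then receives the values separately, each tagged with its type.
            $stmt->bind_param($this->types($params), ...$params);
        }
        $stmt->execute();
        return $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // needs mysqlnd
    }

    /** Build the bind_param type string: i = integer, d = float, s = anything else. */
    private function types(array $params): string
    {
        return implode('', array_map(
            fn($v) => is_int($v) ? 'i' : (is_float($v) ? 'd' : 's'),
            $params
        ));
    }
}

// Usage: whatever $email contains, it is sent as a string value, never as part of the SQL.
$db    = new DbHandler('localhost', 'app_user', 'placeholder', 'app_db'); // placeholder credentials
$email = 'alice@example.com';
$rows  = $db->select('SELECT id, name FROM users WHERE email = ? AND active = ?', [$email, 1]);
// Contrast: 'SELECT ... WHERE email = \'' . $email . '\'' would make the value part of the SQL text.
```

Validation of the values (length, format, allowed ranges) still belongs in the handler or the model; binding only guarantees that a value cannot change the structure of the query.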