
krugozor/database
=================

PHP class library for simple, convenient, fast and safe work with a MySQL database, using the PHP mysqli extension and an imitation of prepared queries.

v1.0.5, PHP >=8.0, since Nov 30

[Source](https://github.com/Vasiliy-Makogon/PHP-MySQL-Class) | [Packagist](https://packagist.org/packages/krugozor/database) | [Docs](https://github.com/Vasiliy-Makogon/Database)

**Other languages:**

- [Русская документация](docs/README_ru.md)
- [Documentation française](docs/README_fr.md)
- [Deutsche Dokumentation](docs/README_de.md)
- [Documentazione italiana](docs/README_it.md)
- [日本語ドキュメント](docs/README_ja.md)
- [Documentación en español](docs/README_es.md)
- [한국어 문서](docs/README_ko.md)
- [简体中文文档](docs/README_zh-CN.md)
- [繁體中文文件](docs/README_zh-TW.md)
- [Dokumentasi Bahasa Indonesia](docs/README_id.md)
- [Documentação em Português (BR)](docs/README_pt-BR.md)
- [हिंदी दस्तावेज़](docs/README_hi.md)
- [التوثيق بالعربية](docs/README_ar.md)
- [Türkçe Dokümantasyon](docs/README_tr.md)
- [Tài liệu tiếng Việt](docs/README_vi.md)

---

Getting the Library
-------------------

You can [download it as an archive](https://github.com/Vasiliy-Makogon/Database/archive/master.zip), clone it from this site, or install via composer ([packagist.org link](https://packagist.org/packages/krugozor/database)):

```
composer require krugozor/database
```

What is `krugozor/database`?
----------------------------

`krugozor/database` is a PHP >= 8.0 class library for simple, convenient, fast, and secure work with MySQL databases, using the PHP extension [mysqli](https://www.php.net/manual/en/book.mysqli.php).

### Why do you need a custom class for MySQL when PHP already has PDO abstraction and the mysqli extension?

The main drawbacks of all libraries for working with MySQL in PHP are:

- **Verbosity**
    - To prevent SQL injections, developers have two options:
        - Use [prepared statements](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php).
        - Manually escape parameters going into the SQL query body. Pass string parameters through [mysqli\_real\_escape\_string](https://www.php.net/manual/en/mysqli.real-escape-string.php), and cast expected numeric parameters to the appropriate types — `int` and `float`.
    - Both approaches have significant drawbacks:
        - Prepared statements are [terribly verbose](https://www.php.net/manual/en/mysqli.prepare.php#refsect1-mysqli.prepare-examples). Using PDO abstraction or the mysqli extension "out of the box", without aggregating all methods for retrieving data from the DBMS, is simply impossible — to get a value from a table you need to write at least 5 lines of code! And that's for every single query!
        - Manual escaping of parameters going into the SQL query body is not even worth discussing. A good programmer is a lazy programmer. Everything should be automated as much as possible.
- **Inability to get the SQL query for debugging**
    - To understand why an SQL query doesn't work in your program, you need to debug it — find either a logical or syntactic error. To find the error, you need to "see" the actual SQL query that the database complained about, with parameters substituted into its body. That is, to have a fully formed SQL statement. If a developer uses PDO with prepared statements, this is... IMPOSSIBLE! No convenient mechanisms for this are [PROVIDED](https://qna.habr.com/q/22669) in the native libraries. You're left with either workarounds or digging through the database log.

### Solution: `krugozor/database` — a class for working with MySQL

1. Eliminates verbosity — instead of 3 or more lines of code to execute a single query when using the "native" library, you write just one.
2. Escapes all parameters going into the query body according to the specified placeholder type — reliable protection against SQL injections.
3. Does not replace the functionality of the "native" mysqli adapter, but simply complements it.
4. Extensible. Essentially, the library provides only a parser and SQL query execution with guaranteed protection against SQL injections. You can inherit from any library class and, using both library mechanisms and `mysqli` and `mysqli_result` mechanisms, create the methods you need.

### What the `krugozor/database` library is NOT

Most wrappers for various database drivers are a pile of useless code with terrible architecture. Their authors, not understanding the practical purpose of their wrappers themselves, turn them into something like query builders (sql builder), ActiveRecord libraries, and other ORM solutions.

The `krugozor/database` library is none of these. It's just a convenient tool for working with regular SQL within the MySQL DBMS — and nothing more!

What are placeholders?
----------------------

**Placeholders** — **special typed markers that are written in the SQL query string *instead of explicit values (query parameters)***. The values themselves are passed "later", as subsequent arguments to the main method that executes the SQL query:

```
$result = $db->query(
    "SELECT * FROM `users` WHERE `name` = '?s' AND `age` = ?i",
    "d'Artagnan", 41
);
```
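
The kind of typed substitution such a query call relies on, reduced to the `?s` and `?i` placeholders, as an added example that is not the library's own parser or API. `bindPlaceholders()` and the `$escape` stand-in are hypothetical names; real code would pass `[$mysqli, 'real_escape_string']` as the escaper.

```php
<?php
declare(strict_types=1);

// Illustration only: a two-placeholder substitution routine, not the library's parser.
// $escape must be the connection-aware escaper, e.g. [$mysqli, 'real_escape_string'].
function bindPlaceholders(string $sql, array $args, callable $escape): string
{
    $n = 0;
    // Single pass: substituted values are never re-scanned for placeholders.
    $out = preg_replace_callback('/\?([si])/', function (array $m) use (&$n, $args, $escape): string {
        if (!array_key_exists($n, $args)) {
            throw new InvalidArgumentException('Missing argument for placeholder #' . ($n + 1));
        }
        $value = $args[$n++];
        if ($m[1] === 'i') {
            // Validate instead of casting, so "41abc" is rejected rather than read as 41.
            if (($int = filter_var($value, FILTER_VALIDATE_INT)) === false) {
                throw new InvalidArgumentException('?i expects an integer');
            }
            return (string) $int;
        }
        if (!is_string($value) && !is_int($value) && !is_float($value)) {
            throw new InvalidArgumentException('?s expects a scalar value');
        }
        // Escaping only protects inside a quoted literal: write '?s' in the SQL.
        return $escape((string) $value);
    }, $sql);
    if ($n !== count($args)) {
        throw new InvalidArgumentException('More arguments than placeholders');
    }
    return $out;
}

// Constructed stand-in for mysqli::real_escape_string so the demo runs without a server.
$escape = fn(string $s): string => strtr($s, [
    "\0" => '\\0', "\n" => '\\n', "\r" => '\\r', '\\' => '\\\\',
    "'" => "\\'", '"' => '\\"', "\x1a" => '\\Z',
]);

$sql = "SELECT * FROM `users` WHERE `name` = '?s' AND `age` = ?i";
echo bindPlaceholders($sql, ["d'Artagnan", 41], $escape), PHP_EOL;
try {
    // Constructed hostile input: a non-integer string aimed at the numeric slot.
    bindPlaceholders($sql, ["d'Artagnan", '41 OR 1=1'], $escape);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

With a real connection, call `$mysqli->set_charset()` before any escaping, because `real_escape_string` escapes according to the connection's character set.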

SQL query parameters passed through the *placeholder* system are processed by special escaping mechanisms, depending on the placeholder type. This means you no longer need to wrap variables in escaping functions like `mysqli_real_escape_string()` or cast them to numeric types, as was done before:

```
