Using PHP's OOP feature to realize data protection

In PHP 4, declaring a variable usually uses VAR, in PHP 5, you can use object-oriented programming (OOP) features to customize the visibility of data-accessibility, which is similar to the scope of the variable, but provides a better control mechanism with the following three types of visibility modifiers:

Public (default)--variables can be accessed or modified globally.

protected--variables can only be accessed or modified within the class itself and directly derived from (using the extends statement) class.

private--variables can only be accessed or modified within a class.

Like interface implementations, violating these rules in a program can cause serious errors, and, like interfaces, they exist purely for the convenience of programmers. However, this does not mean that you can ignore them, specify the visibility of a class member variable, and protect the data within the object from external influences.

Suppose there is a mysqldb class in which a $link variable is declared private, which means that the variable can only be accessed from within the object using $this variables, which prevents accidental overwriting of other objects or functions outside the class, where we will use the visibility feature to help us create A query object.

You can think of query as a separate entity that can execute and return results. Some database systems also have stored procedures that are similar to functions, store query statements, and accept the corresponding arguments when invoked, but MySQL does not provide similar functionality until version 5.1, and some other types of database management systems do not.

In this article, you will combine the two attributes above into the sample query object, which simulates a basic stored procedure and saves the result pointer internally. Currently, the focus is on executing query from the object, where you can invoke the query () function of the MySQLdb object.

You can define the following public function in the query object:

__construct ()--the constructor accepts a parameter that contains a reference to an instance of the DB interface object.

Prepare ()--function prepare () initializes the stored procedure for query. It may contain one or more limited placeholders that will be passed as arguments to the Execute () function. A placeholder is defined as a colon that is associated with the number of parameters followed by an integer and a letter related to the parameter type.

A simple query that contains placeholders looks like this:

SELECT col1,col2 from table_name WHERE col1=:1i

Execute ()--the function execute () executes query. If it is prematurely initialized to a stored procedure by the prepare () function, any parameters passed in are used as the execution parameters of the stored procedure, otherwise the first argument will only be used as the query text. The function execute () returns the result of executing the query.

Compile ()--function compile () is similar to the function execute (), in fact, query does not execute, but instead replaces all placeholders in the query string, accepts the parameters of the stored procedure, and returns the compiled version of query.

Protected members

As mentioned above, the concept of visibility can be used to hide the internal work of objects and to protect the data integrity required for internal work. As explained earlier, the result pointer returned by query will be saved as the protected property, where the protected member is used because a particular database query object derived from the query object may overload some core functionality.