Lisantra Technologies, Llc
Smart Programming for Creative Professionals
php Code Sample
<?php
/**
* I get all blog entries from the database for a single blog
*
* @author Michael Gatto <mgatto@lisantra.com>
* @param resource $dbh is a PDO connection handler
* @return mixed $blog['select_all'] is the base variable for this fuse
* @return mixed $blog['select_all']['error'] holds data from a PDO exception
*/
try {
/**
* INPUTS
*/
// base variable name abstracted the name for easy refactoring
$params['circuit'] = "blog";
// = $myFusebox->orginalCircuit
//type of query abstracted for easy refactoring
$params['type'] = "select_all";
// = $myFusebox->thisFuseaction
//build the array acting as a namespace: $blog['select_all']
${$params['circuit']}[$params['type']] = array();
//we could also cast to string with "" around the variable,
//but let's be explicit aboutour casting
$params['blog_id'] = (string) $attributes['blogid']; //should be a UUID
/**
* PROCESSING
*/
//we could use MySQL's date functions to format 'written_on',
// but let's keep that in the view
${$params['circuit']}[$params['type']]['sql'] = "
SELECT
e.id,
e.entry_id,
e.blog_id,
e.entry_title,
e.written_on,
e.created_by_id,
a.author_name
FROM entries e
INNER JOIN authors a
ON a.author_id = e.written_by
WHERE e.blog_id = :blog_id";
//prepared statements are more verbose, but secure and sometimes
// more efficient on db resources: YMMV.
${$params['circuit']}[$params['type']]['stmt'] =
$dbh->prepare( ${$params['name']."['sql']"} );
//make sure a param type is specified, matching the cast in the input section
${$params['circuit']}[$params['type']]['stmt']->bindParam(
":blog_id", $params['blog_id'], PDO::PARAM_STR
);
//execute without assigning it to a variable to maintain explicitness
${$params['circuit']}[$params['type']]['stmt']->execute();
//let's get the variable to use in the view as an associative array so we
//can use count and foreach nicely. Objects would work, too.
${$params['circuit']}[$params['type']]['rs'] =
${$params['circuit']}[$params['type']]['stmt']->fetchAll( PDO::FETCH_ASSOC );
//let's get a count and provide it as a convenience to the view or other
//models, or an exception
if ( ${$params['circuit']}[$params['type']]['rs'] ) {
//PDO does not have a count function, so count the elements in
//the rs array instead
${$params['circuit']}[$params['type']]['count'] =
count( ${$params['circuit']}[$params['type']]['rs'] );
}
else {
//maybe I shouldn't use an exception for an error case?
throw new Exception(
"No records were returned because: " .
${$params['circuit']}[$params['type']]['stmt']->errorInfo()
);
}
/**
* CLEAN UP
* prevent variable pollution. Ah, Php 5.3 namespaces will be great here.
* NOTE: unsetting $params does NOT destroy the dynamic variables!
*/
unset( $params );
//post-process $blog output array is needed
//for example, we could run htmlspecialchars() for good security practice
array_map( htmlspecialchars, ${$params['circuit']}[$params['type']]['rs'] );
}
//differentiate between the different exception types
catch (PDOException $e) {
${$params['circuit']}[$params['type']]['error'][]['type'] =
"PDO::" . $e->getCode();
${$params['circuit']}[$params['type']]['error'][]['details'] =
$e->getMessage() .
" in file: " . $e->getFile() .
" on line: " . $e->getLine();
//do not print 'details' to the screen, since it can expose
//database structure to users!
}
//catch any non-PDO exceptions
catch (Exception $e) {
${$params['circuit']}[$params['type']]['error'][]['type'] =
"Application::" . $e->getCode();
${$params['circuit']}[$params['type']]['error'][]['details'] =
$e->getMessage() .
" in file: " . $e->getFile() .
" on line: " . $e->getLine();
}
?>
59 E. Camino Limon Verde, Sahuarita AZ 85629 * 520.777.9330 * mgatto at lisantra dot com
© 2010 by Lisantra Technologies, Llc. All rights reserved.