I maintain and add features on a freelance basis to a website written in PHP. The application was started in PHP4 by a junior programmer back in 2006, and features some very insecure and unmaintainable ways of doing things, which I am trying to correct as time goes on. If the client agrees, one of the first things I would like to do is add in a proper database layer of some sort.
The current database access looks like this:
```php
if (!function_exists('my_query')) {
    function my_query($query) {
        if ($query=='disabled') return false;
        global $last_insert_id,$dbconn,$dbase;
        $result=mysql_query($query,$dbconn) or die('ERROR: '.mysql_error($dbconn).'<br />'.$query);
        $last_insert_id=mysql_insert_id($dbconn);
        return $result;
    }
}
```
There is also a function to make arrays from the data returned.
```php
if (!function_exists('spawnarray')) {
    function spawnarray($result)
    {
        $i = 0;
        if ($result != "") {
            if (mysql_num_rows($result) > 0) {
                while($result_obj[$i] = mysql_fetch_object($result)) {
                    $sp_result[$i]=$result_obj[$i];
                    $i++;
                }
                return $sp_result;
            }
        }
    }
}
```
These two functions are basically the database layer, and SQL queries are constructed on the fly for them all over the place.
So my question is, how can I start to introduce database abstraction into the mix? I would like to move to PDO for security and ease-of-use reasons, but maybe there is a better way to go?
I have already moved the project to Composer for some of its dependencies (some are dead projects, which is a different issue), so maybe an ORM like Doctrine would be the way to go? That might mean moving the website to OOP in one go though: a daunting prospect, and a sure no-go from the client.
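One incremental route to PDO, shown as an added example that is not part of the original question or the site's code: keep the names `my_query()` and `spawnarray()`, back them with PDO, and add an optional parameter array so call sites can be converted to bound parameters one at a time. The `db()` helper, the SQLite in-memory DSN and the `users` table are assumptions chosen so the block runs stand-alone.

```php
<?php
// Added example: PDO-backed my_query()/spawnarray() that keep the legacy names.
// db() and the SQLite DSN are assumptions; the real DSN would be the MySQL database.
function db(): PDO
{
    static $pdo = null;
    if ($pdo === null) {
        $pdo = new PDO('sqlite::memory:', null, null, [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        ]);
    }
    return $pdo;
}

// Same name and return convention as the legacy function, plus optional bound parameters.
function my_query($query, array $params = [])
{
    global $last_insert_id;
    if ($query == 'disabled') {
        return false;
    }
    try {
        $stmt = db()->prepare($query);
        $stmt->execute($params);
    } catch (PDOException $e) {
        // Log details server-side; do not echo the SQL or driver error to the browser.
        error_log('DB error: ' . $e->getMessage());
        exit('A database error occurred.');
    }
    $last_insert_id = db()->lastInsertId();
    return $stmt;
}

// Returns an array of row objects, or null when there are no rows (as the legacy code did).
function spawnarray($result)
{
    if (!$result instanceof PDOStatement) {
        return null;
    }
    $rows = $result->fetchAll(PDO::FETCH_OBJ);
    return $rows ?: null;
}

// Constructed sample data and one migrated call site: values travel as parameters.
my_query('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
my_query('INSERT INTO users (name) VALUES (?)', ["O'Brien"]);
$rows = spawnarray(my_query('SELECT id, name FROM users WHERE name = ?', ["O'Brien"]));
echo $rows[0]->id, ' ', $rows[0]->name, PHP_EOL;
```

Call sites that still pass a fully built SQL string keep working with an empty parameter array, but they gain no injection protection until their values are moved into `$params`.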