If you want to make a functional website, you're most likely going to have to use a database. But you need a secure and reliable way to connect to this database. php's mysql function has been depreciated, it's very insecure and you shouldn't be using it anymore. You can use mysqli (mysql improved), but I prefer PDO.
Pdo uses prepared statements, so this easily counters sql injection attacks on your site. (if done correctly, that is.)
The class: (read //comments)
Code:
<?php
// static PDO db class
class Database {
public static function dbConnect() {
try {
$dbh = "localhost"; // db host
$dbu = "root"; //mysql user
$dbp = "pass"; //mysql pass
$dbd = "my_database"; //db name
$conn = new pdo("mysql:host=$dbh;dbname=$dbd;", $dbu, $dbp);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
return $conn;
} catch(PDOException $e) {
die('Database error: <br>', $e);
}
}
}
Usage:
Code:
<?php
$q = Database::dbConnect()->prepare("SELECT your_column FROM your_table"); // our prepared statement
$q->execute(); //execute the prepared statement
$try = $q->fetchAll(); // fetch the data
if ($try) { // validate
foreach ($try as $row) {
$result = $row['your_column]; //returns your column
}
} else {
$result = null;
}
echo $result;
?>
I can't link links yet sadly, but when I can I'll come back to this post and post some php reference links.
If this helped you in any way don't be scared to +rep me

You can always PM me if you need help, cheers.