Posts

Showing posts from May, 2014

MYSQLi PHP Basics without prepared statements

MySQLi and PDO are object-oriented and support prepared statements (as well as transactions, stored procedures and more). Prepared statements are very important for web application security, as they protect against SQL injection. With prepared statements you do not have to escape strings before inserting them into the database. Moreover, PDO supports many databases (not only MySQL).

Establish a database connection

    $DBServer = 'localhost';  // or an IP address
    $DBUser   = 'root';
    $DBPass   = 'your password';
    $DBName   = 'dbname';

    $conn = new mysqli($DBServer, $DBUser, $DBPass, $DBName);

    // check connection
    if ($conn->connect_error) {
        trigger_error('Database connection failed: ' . $conn->connect_error, E_USER_ERROR);
    }

    // select rows
    $sql = 'SELECT * FROM users';
    $rs = $conn->query($sql);

    $rows_returned = $rs->num_rows;
    echo $rows_returned;  // returns number of rows

    //loop throu...

Yii Authentication and Authorization Login logout Access control filter and User Types

Authentication and Authorization

Check whether a user is logged in via CWebUser::isGuest.
Check whether the user can perform specific operations by calling CWebUser::checkAccess.

The main work in defining an identity class is the implementation of the IUserIdentity::authenticate method.

    class UserIdentity extends CUserIdentity
    {
        private $_id;

        public function authenticate()
        {
            // look up the account by the submitted username
            $record=User::model()->findByAttributes(array('username'=>$this->username));
            if($record===null)
                $this->errorCode=self::ERROR_USERNAME_INVALID;
            // re-hash the submitted password using the stored hash as the salt and compare
            else if($record->password!==crypt($this->password,$record->password))
                $this->errorCode=self::ERROR_PASSWORD_INVALID;
            else
            {
                ...