haphpiness

These are things in PHP which make me genuinely_happy();

PDO — Clean, Consistent Database Abstraction

PDO provides a uniform interface for accessing databases in PHP. MySQL, PostgreSQL, SQLite, SQL Server — same API, same prepared statements, same error handling. Switch databases without rewriting your data layer.

$pdo = new PDO('sqlite:app.db');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

// Prepared statements — SQL injection is simply not possible
$stmt = $pdo->prepare('SELECT * FROM users WHERE email = :email AND active = :active');
$stmt->execute(['email' => $email, 'active' => true]);
$user = $stmt->fetch();

// Transactions with automatic rollback
try {
    $pdo->beginTransaction();
    $pdo->prepare('UPDATE accounts SET balance = balance - ? WHERE id = ?')->execute([100, $from]);
    $pdo->prepare('UPDATE accounts SET balance = balance + ? WHERE id = ?')->execute([100, $to]);
    $pdo->commit();
} catch (PDOException $e) {
    $pdo->rollBack();
    throw $e;
}

PDO's prepared statements make SQL injection protection the path of least resistance. The parameterized query API is cleaner than string concatenation, so doing the safe thing is also the easy thing.

Significance: Security by Design

When the secure approach is also the most convenient approach, developers choose security by default. PDO's prepared statements are easier to write than concatenated SQL, making SQL injection a conscious choice rather than an accidental oversight.