Interfacing With MySQL

akersten edited this page Oct 23, 2012 · 2 revisions

Webfront uses MySQL as a database to keep track of things like user accounts, permissions, our Todo list, and many other things. It turns out that using a database for this is much more convenient than storing this information in XML or flatfiles.

We access our MySQL database through PHP's MySQLi interface and make extensive use of prepared statements. These are essentially pre-determined queries to the database with very little room for modification, which prevents the common attacks against databases known as SQL injections. They are quite convenient and save us from having to re-write SQL statements.

There's no particular convention that we'll follow with Webfront as far as database access goes, other than using MySQLi's prepared statements. A good basic example of this is in /modules/todoModule.php (the code that loads and sends information about the todo list to and from the database).
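The pattern looks like the following. This is an added illustration, not the code from /modules/todoModule.php; the `todo_items` table, its columns, the function names and the connection credentials are assumptions made for the example.

```php
<?php
// Added illustration: schema, function names and credentials are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

$db = new mysqli('localhost', 'webfront_user', 'PLACEHOLDER_PASSWORD', 'webfront');
$db->set_charset('utf8mb4');
$db->query('CREATE TABLE IF NOT EXISTS todo_items (
    id INT AUTO_INCREMENT PRIMARY KEY,
    owner_id INT NOT NULL,
    title VARCHAR(255) NOT NULL,
    done TINYINT(1) NOT NULL DEFAULT 0)');

// The SQL text is fixed at prepare time. User input only ever travels as a
// bound parameter, so the server never parses it as part of the statement.
function addTodo(mysqli $db, $ownerId, $title)
{
    $stmt = $db->prepare('INSERT INTO todo_items (owner_id, title) VALUES (?, ?)');
    $stmt->bind_param('is', $ownerId, $title); // i = integer, s = string
    $stmt->execute();
    $newId = $stmt->insert_id;
    $stmt->close();
    return $newId;
}

function listTodos(mysqli $db, $ownerId)
{
    $stmt = $db->prepare('SELECT id, title, done FROM todo_items WHERE owner_id = ? ORDER BY id');
    $stmt->bind_param('i', $ownerId);
    $stmt->execute();
    $stmt->bind_result($id, $title, $done); // one variable per selected column
    $items = array();
    while ($stmt->fetch()) {
        $items[] = array('id' => $id, 'title' => $title, 'done' => (bool) $done);
    }
    $stmt->close();
    return $items;
}

// Constructed input: quotes and comment markers in the title are stored
// verbatim as data and do not change the structure of the query.
addTodo($db, 1, "Fix O'Brien's login bug; review -- comments");
foreach (listTodos($db, 1) as $item) {
    // Escape on output as well: prepared statements only protect the query.
    echo $item['id'], ': ', htmlspecialchars($item['title'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

Placeholders can only stand in for values. Table and column names cannot be bound, so anything of that kind that varies at runtime has to be chosen from a fixed whitelist in code.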

It may be beneficial to read PHP's official documentation on MySQLi prepared statements.