The absolute minimum protection you need in your PHP app to protect your database from common attack vectors.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


MDW - Minimum Database Wrapper for PHP 5+

v0.2.1 Build 20110704a


MDW is a simple database class that provides a slightly easier method of using PDO in your application. By encouraging the use of insertRecords(), updateRecords() and deleteRecords() methods and providing a simple executeQuery() method for SELECTs and other complex queries using prepared statements, you should be able to more easily avoid most obvious forms of database attack and penetrations.

MDW is not meant to be a complete ADO or DBAL package. It is simply provided as the easiest method to secure your database against looting without forcing you to substantially change your existing code.

In this initial release, only MySQL is supported. Adding further databases is fairly trivial, and will be explained in the wiki.


  • PHP 5.0 or higher
  • PDO


// Load the factory class and create an instance.
$db = Database::create('mysql');

// Create 2 connections - read-only and read-write, and store the
// connection info in constants for later use.
define('DBREAD', $db->newConnection('localhost', 'userRO', 'password', 'DBname'));
define('DBWRITE', $db->newConnection('localhost', 'userRW', 'password', 'DBname'));

// Read a table and echo the contents. The use of prepared statements
// means not having to escape input.
$db->executeQuery('SELECT * FROM `settings` WHERE `settings`.`section` = ?', 'Page');
if ($db->numRows() > 0) {
    while ($setting = $db->getRows()) {

// Insert a new row into "settings" table and print the ID (if any).
$newId = $db->insertRecords('settings', array(
    'name' => 'New Settign',
    'section' => 'Page'
$db->setActiveConnection(DBREAD); // Recommended practice after any write operation.

// Update the inserted row to fix spelling error, and display the number
// of rows affected. Both the "changes" and "conditions" arrays can
// have more than one member.
$rowsAffected = $db->updateRecords('settings', array(
    'name' => 'New Setting'
), array(
    'id' => $newId,
    'section' => 'Page'

// Delete that row for fun, but limit it to a single record (if the
// limit parameter is left off, all records matching the condition
// would be deleted. The "conditions" array can have more than one
// member.
$rowsDeleted = $db->deleteRecords('settings', array(
    'name' => 'New Setting',
    'section' => 'Page'
), 1);


MDW is licensed under the GPL3. Please see the "LICENSE.txt" file for details.


The GitHub issues page and wiki will be considered the "go to" source for technical information related to MDW.