Skip to main content

Evil Access

I was thinking today about database APIs when inspiration struck. I ended up hacking out the following class, which I think demonstrates a rather interesting approach to interfacing with a database (interesting enough at least to post here).
class DBQuery implements Iterator
protected $_db;
protected $_query;
protected $_result;
protected $_index;
protected $_num_rows;

public function __construct($host, $dbname, $username,
$password) {
$this->_db = new PDO("mysql:dbname=$dbname;host=$host",
$username, $password);

public function __get($query) {
$this->_query = $query;
$this->_result = $this->_db->query($query);
return $this->_num_rows = $this->_result->rowCount();

public function quote($value) {
return PDO::quote($value);

public function __call($query, $values) {
$this->_query = $query;
$this->_result = $this->_db->prepare($this->_query);
return $this->_num_rows = $this->_result->rowCount();

public function clear() {
$this->_index = 0;
$this->_num_rows = 0;
$this->_query = '';

public function rewind() {
$this->_index = 0;

public function current() {
return $this->_result->fetch(PDO::FETCH_ASSOC,
PDO::FETCH_ORI_ABS, $this->_index);

public function key() {
return $this->_index;

public function next() {

public function valid() {
return ($this->_index < $this->_num_rows);

public function __toString() {
return $this->_query;
DBQuery isn't your typical database access class. In fact, I would suggest it's slightly evil since it distorts traditional PHP syntax by abusing taking advantage of three specific PHP features.
  1. PHP allows special characters in an identifier if the string is quoted and is enclosed by {}. So, $myValue and ${"my value"} are both equally valid variable identifiers.

  2. The magic overloading methods allow you handle undefined properties and methods in your class. Specifically, I've made use of __get() and __call().

  3. A class that implements the Iterator interface can be traversed using a foreach loop.
Here's a look at how DBQuery would be used:
// connect to the database
$dbq = new DBQuery("localhost", "test", "dbuser",

// query the database if the user is authorized
$username = "administrator";
$password = sha1("password");
if (!$dbq->{"SELECT * FROM admin_user WHERE username=? " .
"AND password=?"}(array($username, $password))) {

// query the database and display some records
$dbq->{"SELECT id, first_name, last_name FROM employee"};
foreach ($dbq as $result) {

// casting the object as a string yields the query string
echo "Query: $dbq";
Don't try this at home, though, my friends. Just because you can write code like this doesn't mean you should.


  1. Amazing concept, but I'm afraid if I ever see ANY of this code in production in the future I will be forced to strangle you... Consider yourself warned :)

  2. You could make it even hackier by using func_get_args() in __call so the usage would turn out as

    $dbq->{"SELECT * FROM admin_user WHERE username=? AND password=?"}($username, $password)

  3. Yep this is a pretty cool idea. Wouldn't go as far as Commenter #1, but I think it may be a good idea to not bend the rules this much ;)

    ps: why do I have to log in to comment? I don't want to - please make it possible to comment by just leaving your name =)

  4. this looks pretty neat.
    but I don't understand why you shouldn't use something like this ?
    what rules it bends ?


Post a Comment

Popular posts from this blog

Composing Music with PHP

I’m not an expert on probability theory, artificial intelligence, and machine learning. And even my Music 201 class from years ago has been long forgotten. But if you’ll indulge me for the next 10 minutes, I think you’ll find that even just a little knowledge can yield impressive results if creatively woven together. I’d like to share with you how to teach PHP to compose music. Here’s an example: You’re looking at a melody generated by PHP. It’s not the most memorable, but it’s not unpleasant either. And surprisingly, the code to generate such sequences is rather brief. So what’s going on? The script calculates a probability map of melodic intervals and applies a Markov process to generate a new sequence. In friendlier terms, musical data is analyzed by a script to learn which intervals make up pleasing melodies. It then creates a new composition by selecting pitches based on the possibilities it’s observed. . Standing on ShouldersComposition doesn’t happen in a vacuum. Bach was f…

Creepy JavaScript Tracking

I recently began allergy shots so my new Monday morning routine includes me sitting in a doctor's office for 30 minutes (I must wait after receiving the shots and be checked by a nurse to make sure there was no reaction). With nothing else better to do while I waited last week, I started playing around with some JavaScript. This is what I came up with:
<html> <head> <title>Test</title> <script type="text/javascript"> window.onload = function () { var mX = 0,  mY = 0, sX = 0,  sY = 0, queue = [], interval = 200, recIntv = null, playIntv = null, b = document.body, de = document.documentElement, cursor = document.getElementById("cursor"), record = document.getElementById("record"), play = document.getElementById("play"); window.onmousemove = function (e) { e = e || window.event; if (e.pageX || e.pageY) { …

Geolocation Search

Services that allow users to identify nearby points of interest continue to grow in popularity. I'm sure we're all familiar with social websites that let you search for the profiles of people near a postal code, or mobile applications that use geolocation to identify Thai restaurants within walking distance. It's surprisingly simple to implement such functionality, and in this post I will discuss how to do so.

The first step is to obtain the latitude and longitude coordinates of any locations you want to make searchable. In the restaurant scenario, you'd want the latitude and longitude of each eatery. In the social website scenario, you'd want to obtain a list of postal codes with their centroid latitude and longitude.

In general, postal code-based geolocation is a bad idea; their boundaries rarely form simple polygons, the area they cover vary in size, and are subject to change based on the whims of the postal service. But many times we find ourselves stuck on a c…