PDOdb – Secure PHP & MySQL Database Class using PDO
PDOdb is a lightweight and secure PHP database wrapper built entirely on PDO. The syntax is based on the popular MysqliDb class by ThingEngineer, but the codebase has been completely rewritten to meet modern standards for structure, type safety, and security.
Why we built it – and what makes it different
We decided to rebuild this class from scratch after reviewing many database wrappers in the PHP ecosystem. Most of them either lacked essential security features, allowed unsafe input by default, or were unnecessarily complex and hard to maintain.
Since we still use MysqliDb in many of our own projects, it was a logical step to retain its simplicity – but rewrite the internals with a stricter structure and modern safety principles. The result is a class that keeps SQL readable and predictable, while adding proper validation, subquery support, and type-aware WHERE methods.
- 100% PDO-based – no mysqli
- Typed where* methods with input validation
- JOINs, subqueries, HAVING, transactions and table locking
- Multiple named connection instances
- Flexible output: array, object, JSON, or mapped results
Whether you're building admin tools, APIs, dashboards or internal services – PDOdb gives you full SQL control with consistent behavior and robust protection against SQL injection.
PDOdb is not affiliated with ThingEngineer or MysqliDb. It is an independent project that respects the original idea, but takes a cleaner, safer, and more modern approach to PHP & MySQL development.