Reputation: 61
After some projects in PHP/MySQL and some attempts to make my coding life simpler and better, I recently started to write my own MVC framework. However, with little experience with MySQL, I observed that I actually always do the same thing: I make some HTML forms which I submit with a button and then send the POST data directly to a MySQL table, something like:
    $data1 = $_POST['data1'];
    $data2 = $_POST['data2'];
    // ...
    $data999 = $_POST['data999'];
    // some data validation
    // ...
    magicFunction( $data );
And, of course, magicFunction is nothing other than a function which generates MySQL INSERT/UPDATE/DELETE code with the specified data. Wouldn't it be a bad idea to create some classes and methods which just handle the $_POST variable from the Controller and get some data validation restrictions from me? It is so much easier to live with. However, what I would like to know: is it good practice to name form fields the same as MySQL table columns (maybe with some defined exceptions)? If yes, what should I consider in a project like this?
Upvotes: 0
Views: 48
Reputation: 86
I always use PHP's PDO class for database connections. It's the best way to handle database events in my opinion.
Here's the link. Read on how to establish a connection and you MUST read on how to prepare and execute statements to prevent SQL injection: https://www.php.net/manual/en/intro.pdo.php
Also I like to create a class for each table in the database.
Example:
    $username = $_POST['username'];
    $userTable = new UserTable();
    $userTable->selectUserByUsername($username);
When you understand how the PDO class works you can directly and safely use $_POST data to query a database.
Upvotes: 1
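An added example, not part of the original question or answer: one way to let form field names mirror column names while keeping request keys out of the SQL text. Prepared-statement placeholders bind values only, so column names are taken from a developer-written allowlist. The function `insertFromForm`, the `users` table and the sample input are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the page): insert only allowlisted form fields.
// $allowed maps form field name => column name; request keys never reach the SQL text.
function insertFromForm(PDO $pdo, string $table, array $allowed, array $post): int
{
    $columns = [];
    $params  = [];
    foreach ($allowed as $field => $column) {
        // $_POST values may be arrays (field[]=...); accept plain strings only.
        if (array_key_exists($field, $post) && is_string($post[$field])) {
            $columns[] = $column;
            $params[':' . $column] = $post[$field];
        }
    }
    if ($columns === []) {
        throw new InvalidArgumentException('no allowlisted fields submitted');
    }
    // Identifiers come only from $table and $allowed (developer-controlled);
    // values are bound as parameters, never concatenated.
    $sql = sprintf(
        'INSERT INTO %s (%s) VALUES (%s)',
        $table,
        implode(', ', $columns),
        implode(', ', array_keys($params))
    );
    $pdo->prepare($sql)->execute($params);
    return (int) $pdo->lastInsertId();
}

// Constructed demo: in-memory SQLite (assumption); use a MySQL DSN in a real project.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, is_admin INTEGER DEFAULT 0)');

// Constructed stand-in for $_POST with two fields the form never offered.
$post = [
    'username'  => "o'brien",          // quote is bound as data, not parsed as SQL
    'email'     => 'ob@example.test',
    'is_admin'  => '1',                // real column, but not allowlisted: ignored
    'email; --' => 'x',                // unexpected key: never read
];

$id = insertFromForm($pdo, 'users', ['username' => 'username', 'email' => 'email'], $post);
$check = $pdo->prepare('SELECT username, email, is_admin FROM users WHERE id = ?');
$check->execute([$id]);
var_dump($check->fetch(PDO::FETCH_ASSOC));
```

The row printed at the end keeps `is_admin` at its default because only the two allowlisted fields were written.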