Start using mysqli or PDO instead of mysql

[freshnet]

A lot of people posting here still seem to be using the mysql extension instead of mysqli or PDO. Here are some things you should know about doing this.

First, a quote from the PHP.net pages:

'There are three MySQL extensions, as described under the Choosing a MySQL API section. The old API should not be used, and one day it will be deprecated and eventually removed from PHP. It is a popular extension so this will be a slow process, but you are strongly encouraged to write all new code with either mysqli or PDO_MySQL.'


1. Mysql will eventually be removed from PHP
2. Mysql does not support prepared statements, a great way of saving time
3. Mysql does not support transactions at all
4. PDO has built-in SQL injection protection
5. I believe that parametrized queries (another security feature) are only supported in PDO

Personally, when writing quick code I prefer to use mysqli as I find it a little more intuitive. When I'm writing anything that I think has any potential.

I hope this proves useful for people, especially those just starting out writing code for working with MYSQL databases. Switch to mysqli or PDO now and you'll save yourself a lot of hassle later on!

[johnj]

Yes, php data objects is a great blessing. One need to use it to understand how useful it is.

[Nullsig]

1. Mysql will eventually be removed from PHP

This is a valid point, but at the same time the user would have to update to the new version of PHP to be affected by removal.


2. Mysql does not support prepared statements, a great way of saving time

Prepared statements only save time in the case where you are executing the same query multiple times in the same script with different parameters, otherwise it is actually slower.


3. Mysql does not support transactions at all

Also a valid point, but the majority of users seeking help here aren't dealing with situations where transactions are necessary.


4. PDO has built-in SQL injection protection

mysql_real_escape_string protects from injection also, especially if you use it correctly.


5. I believe that parametrized queries (another security feature) are only supported in PDO

Once again while useful, these are slower in general than mysql unless the script is repeatedly using the same query.



Overall users come to us with what they have tried. I in general respond to them with the answer to their question using their code. Rarely are users requesting information about PDO or mysqli but when they do I am more than willing to answer. While this forum is for education, it seems to be inefficient to tell someone that to accomplish their goal not only do they have to fix the issue they came to us with but they have to learn an entirely new set of functions. They typically don't understand the mysql extension when they ask their question as it stands.



Personally I get much better performance from mysql than I do from mysqli and PDO. The added security of the others is nice but if you aren't stupid mysql is just as secure. Mysqli is similar enough that upgrading when it becomes necessary will be as easy as just find and replacing all on my scripts, but until it becomes absolutely necessary I am fine with the better performance I get from vanilla mysql.