Start using mysqli or PDO instead of mysql

freshnet
php-forum Active User
Posts: 285
Joined: Tue Feb 22, 2011 8:19 am
Location: Canada

Post by freshnet » Fri Aug 24, 2012 3:32 am

A lot of people posting here still seem to be using the mysql extension instead of mysqli or PDO. Here are some things you should know about doing this.

First, a quote from the PHP.net pages:

'There are three MySQL extensions, as described under the Choosing a MySQL API section. The old API should not be used, and one day it will be deprecated and eventually removed from PHP. It is a popular extension so this will be a slow process, but you are strongly encouraged to write all new code with either mysqli or PDO_MySQL.'


1. Mysql will eventually be removed from PHP
2. Mysql does not support prepared statements, a great way of saving time
3. Mysql does not support transactions at all
4. PDO has built-in SQL injection protection
5. I believe that parametrized queries (another security feature) are only supported in PDO

Personally, when writing quick code I prefer to use mysqli as I find it a little more intuitive. When I'm writing anything that I think has any potential.

I hope this proves useful for people, especially those just starting out writing code for working with MySQL databases. Switch to mysqli or PDO now and you'll save yourself a lot of hassle later on!

johnj
php-forum Super User
Posts: 1805
Joined: Thu Mar 10, 2011 5:07 pm

Re: Start using mysqli or PDO instead of mysql

Post by johnj » Fri Aug 24, 2012 7:58 am

Yes, PHP Data Objects is a great blessing. One needs to use it to understand how useful it is.

Nullsig
php-forum Fan User
Posts: 981
Joined: Thu Feb 17, 2011 6:52 am
Location: Racine, WI

Re: Start using mysqli or PDO instead of mysql

Post by Nullsig » Fri Aug 24, 2012 8:13 am

1. Mysql will eventually be removed from PHP

This is a valid point, but at the same time the user would have to update to the new version of PHP to be affected by removal.


2. Mysql does not support prepared statements, a great way of saving time

Prepared statements only save time in the case where you are executing the same query multiple times in the same script with different parameters, otherwise it is actually slower.


3. Mysql does not support transactions at all

Also a valid point, but the majority of users seeking help here aren't dealing with situations where transactions are necessary.


4. PDO has built-in SQL injection protection

mysql_real_escape_string protects from injection also, especially if you use it correctly.


5. I believe that parametrized queries (another security feature) are only supported in PDO

Once again while useful, these are slower in general than mysql unless the script is repeatedly using the same query.



Overall, users come to us with what they have tried. I, in general, respond to them with the answer to their question using their code. Rarely are users requesting information about PDO or mysqli, but when they do, I am more than willing to answer. While this forum is for education, it seems to be inefficient to tell someone that, to accomplish their goal, not only do they have to fix the issue they came to us with, but they have to learn an entirely new set of functions. They typically don't understand the mysql extension when they ask their question as it stands.



Personally, I get much better performance from mysql than I do from mysqli and PDO. The added security of the others is nice, but if you aren't stupid, mysql is just as secure. Mysqli is similar enough that upgrading when it becomes necessary will be as easy as just find-and-replacing all on my scripts, but until it becomes absolutely necessary I am fine with the better performance I get from vanilla mysql.
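
Added example (not part of the thread and not any poster's code): the prepared-statement and transaction features debated above, shown with PDO. It assumes the pdo_sqlite driver so it runs without a database server; the `users` table, the `transfer()` helper and the sample rows are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension so it
// runs offline; for MySQL, use a "mysql:host=...;dbname=..." DSN and set
// PDO::ATTR_EMULATE_PREPARES to false to get server-side prepares.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT PRIMARY KEY, credit INTEGER NOT NULL)');

// Constructed sample input; two names contain characters that are special in SQL.
$rows = [['alice', 100], ["o'brien", 50], ["a'; -- just text", 0]];

// Prepare once, execute many times: the SQL text is fixed and the values
// travel as bound parameters, so they are never parsed as SQL.
$insert = $pdo->prepare('INSERT INTO users (name, credit) VALUES (:name, :credit)');
foreach ($rows as [$name, $credit]) {
    $insert->execute([':name' => $name, ':credit' => $credit]);
}

// Move credit between two users atomically; any failure rolls both updates back.
function transfer(PDO $pdo, string $from, string $to, int $amount): bool
{
    if ($amount <= 0) {
        return false;
    }
    // Distinct placeholder names (:amt, :min) also work with native MySQL prepares.
    $debit = $pdo->prepare(
        'UPDATE users SET credit = credit - :amt WHERE name = :name AND credit >= :min'
    );
    $deposit = $pdo->prepare('UPDATE users SET credit = credit + :amt WHERE name = :name');
    $pdo->beginTransaction();
    try {
        $debit->execute([':amt' => $amount, ':min' => $amount, ':name' => $from]);
        if ($debit->rowCount() !== 1) {
            throw new RuntimeException('unknown sender or insufficient credit');
        }
        $deposit->execute([':amt' => $amount, ':name' => $to]);
        if ($deposit->rowCount() !== 1) {
            throw new RuntimeException('unknown recipient');
        }
        $pdo->commit();
        return true;
    } catch (Throwable $e) {
        $pdo->rollBack();
        return false;
    }
}

var_dump(transfer($pdo, 'alice', "o'brien", 30)); // sender and recipient both exist
var_dump(transfer($pdo, 'alice', 'nobody', 30));  // recipient does not exist
foreach ($pdo->query('SELECT name, credit FROM users ORDER BY name') as $row) {
    echo $row['name'], ' => ', $row['credit'], PHP_EOL;
}
```

Run it with the PHP command-line interpreter; the second call shows the debit being undone when the matching deposit cannot be made.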

