Why not use mysql functions in PHP

In this article we’ll learn why we should not use mysql functions in PHP, like the query function for example, which was widely used in the past.

Hey you programmer, okay? Let’s learn more about PHP!

The mysql_* functions are not actually from PHP, but from the mysql extension

And what’s the problem?

The problem is that the mysql extension has been discontinued, that is, they do not develop improvements or fix its problems

That’s why it is strongly recommended that you no longer use these functions, and they may eventually stop working as the language evolves.

The extension may be removed at some point, causing your application to no longer recognize these mysql methods

You can then choose between two alternatives:

mysqli;

PDO (recommend);

Furthermore, mysql functions do not support: asynchronous queries, parameterized queries, stored procedures and transactions

And here comes the problem, the lack of parameterized queries is what makes the library insecure

Because if you don’t take proper care, you will be exposed to a SQL Injection, which is a database invasion

So, the best thing is to go for alternatives with more resources and safer

About PDO

PDO is built with object-oriented, a programming paradigm that will make it even easier to use

See an example of PDO connection:

<?php
$servername = "localhost";
$username = "test";
$password = "xxx";

try {
 $conn = new PDO("mysql:host=$servername;dbname=myDB", $username, $password);
 echo "Connected to DB"; 
} catch(PDOException $e) {
 echo "Error: " . $e->getMessage();
}
?>

In addition, PDO works with 12 different drivers, such as: MySQL, MS SQL Server, Oracle, POstgreSQL, SQLite, etc.

I usually use PDO for its versatility and the easy possibility of object orientation

But if you need performance, it would be better to use mysqli