PHP

Why not use mysql functions in PHP

January 29, 2022

Why not use mysql functions in PHP

In this article we’ll learn why we should not use mysql functions in PHP, like the query function for example, which was widely used in the past.

mysql functions in PHP cover

Hey you  programmer, okay? Let’s learn more about PHP!

The mysql_* functions are not actually from PHP, but from the mysql extension

And what’s the problem?

The problem is that the mysql extension has been discontinued, that is, they do not develop improvements or fix its problems

That’s why it is strongly recommended that you no longer use these functions, and they may eventually stop working as the language evolves.

The extension may be removed at some point, causing your application to no longer recognize these mysql methods

You can then choose between two alternatives:

  • mysqli;
  • PDO (recommend);

Furthermore, mysql functions do not support: asynchronous queries, parameterized queries, stored procedures and transactions

And here comes the problem, the lack of parameterized queries is what makes the library insecure

Because if you don’t take proper care, you will be exposed to a SQL Injection, which is a database invasion

So, the best thing is to go for alternatives with more resources and safer

About PDO

PDO is built with object-oriented, a programming paradigm that will make it even easier to use

See an example of PDO connection:

<?php
$servername = "localhost";
$username = "test";
$password = "xxx";

try {
 $conn = new PDO("mysql:host=$servername;dbname=myDB", $username, $password);
 echo "Connected to DB"; 
} catch(PDOException $e) {
 echo "Error: " . $e->getMessage();
}
?>

In addition, PDO works with 12 different drivers, such as: MySQL, MS SQL Server, Oracle, POstgreSQL, SQLite, etc.

I usually use PDO for its versatility and the easy possibility of object orientation

But if you need performance, it would be better to use mysqli

Conclusion

In this article we learned why we should not use mysql functions in PHP

This gives the possibility of making the application unsafe, when data processing is done wrongly

Also we saw alternatives to mysql like mysqli and PDO

Want to learn more about PHP? Click here!

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x