I’m building a big website, and using the normal old mysql_query method for transactions and communications with the database, and everything i going fine, including security. I’m a little bit confused, should I switch to the new PDO interface? cause I learnt that’s safer, or keep using the old mysql_query() and mysql_fetch_assoc() methods?
I’m very close to completing the website, and to switch to the PDO interface will cost me time, to start updating my codes.
I’m a little confused, which should I use and what are the pros and cons?
2
I’m a little confused, which should i use
No doubt if you just go through this link you will see a notice. So you should get switched to PDO or MySQLi.
Cons and Pros :
There are many posts available on stackoverflow on this subject. They all talk about PDO and why use it.
- one
- two
- three
- four
And many more here. Finally I would recommend you to switch to PDO or mysqli as mysql will be removed as per the link. Even if you have considered the security issues and secured you app, whats the use when it is completely lost? You need to do it later time somehow, So do it now itself. Hope this helps.
Normally it’s good to use the Mysqli or PDO is the best option for connecting database, since mysql will be removed soon.
But in developer point of view, write a simple wrapper class for all database connectivity
For example
For mysql
Class database_mysql {
public getResults($query) {
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);
return $row;
}
.
.
.
<other functions>
}
For PDO
Class database_pdo {
public getResults($query) {
$statement = $pdo->query($query);
$row = $statement->fetch(PDO::FETCH_ASSOC);
return $row;
}
.
.
.
<other functions>
}
For mysqli
Class database_mysqli {
public getResults($query) {
$result = $mysqli->query($query);
$row = $result->fetch_assoc();
return $row;
}
.
.
.
<other functions>
}
when you initialize the class use below
$db = new Database_mysql(<arguments>);
where ever you need the results, just use
$db->getResults(<query>);
if you need to switch over to mysqli, or PDO, just change the class name
$db = new Database_pdo(<arguments>);
So this will save lot of your time on changing the extension.
1
I would prefer PDO for any new development, as its a pretty nice interface and supports most backend databases without to much fiddling (with the notable exception of ORACLE!).
However if you a a functioning system using ‘mysql_query’ then I don’t see any reason to change. The main advantage of PDO apart from portability is that its a nice clean interface to code up. But as your application is already coded and you do not intent to switch from MySql to another DB I think your time would be better spent doing something more useful.
You can still work with your code provided you don’t plan upgrading to the version(s) of php that will take mysql out.
Which means you’ll loose most of the improvements in these new version(s).
Switching from mysql to mysqli will be easier as compared to pdo, mysqli have similar interface/functions to mysql.
If you intend to connect to only mysql databases, then i would advise you to use mysqli, pdo is more generic and allows you to connect to other databases with minimal changes, but I think there will be a performance loss as compared with mysqli.
I must admit though that its unnoticeable.
0