Re: [PHP] Trying to Play Catch-Up & get the Bigger Picture
- Date: Wed, 02 Mar 2016 19:04:36 +0000
- From: Ashley Sheridan <ash@xxxxxxxxxxxxxxxxxxxx>
- Subject: Re: [PHP] Trying to Play Catch-Up & get the Bigger Picture
On Wed, 2016-03-02 at 08:50 -0800, dealtek@xxxxxxxxx wrote:
> Hi all,
> A bit of a layman - general question trying to get the bigger picture...
> It has been a few years since I have used PHP with MySQL database. I understand that the older original MySQL extension has been deprecated in favor of the MySQLi or PDO_MySQL extensions.
> So the question is, big picture, What is the best way to interface with MySQL for this purpose? Would I use:
> - MySQLi
> - PDO_MySQL (Am I correct in assuming that PDO is helpful if one may need to move to another database system in the future?)
> - or maybe web services REST
> - or ???
> Any links to this general subject would be helpful.
> Dave - DealTek
Personally I'd always go with PDO, and not because it allows you to
change the DB backend (I don't know anyone who's ever done this) but
because it offers parameterised queries (prepared statements) to
safeguard against a lot of injection attempts:
$pdo = new \PDO(
    'mysql:host=localhost;dbname=your_db', // placeholder DSN
    'your_user',                            // placeholder username
    'your_password',                        // placeholder password
    array(\PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'")
);
$statement = $pdo->prepare('SELECT * FROM table WHERE field1 = ? AND field2 = ?');
$statement->execute(array(1234, 'some string'));
The beauty of this is you don't need to worry about the variables that
you're passing in too much, PDO will sanitise them as required for the
database backend you're using.
You can also reuse the prepared statements, but that's a feature I've
not used, as it usually indicates an issue with my PHP logic that I'm
executing the same statement multiple times.
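To show concretely why the prepared statement above is the safer form, here is an added example (not from the original message or from Ashley's code). It assumes PHP with pdo_sqlite and uses an in-memory SQLite database in place of MySQL so it runs offline; the table, rows and the input value are constructed for the demonstration.

```php
<?php
// Added example (not from the original thread): contrast a query built by string
// interpolation with a PDO prepared statement. Uses an in-memory SQLite database
// so it runs offline; the table and rows below are constructed for illustration.
$pdo = new \PDO('sqlite::memory:');
$pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('O''Brien', 'user')");

// User-controlled input: a perfectly legitimate value that happens to contain a quote.
$name = "O'Brien";

// Unsafe: the value is spliced into the SQL text, so the quote inside it is parsed as
// SQL. With this input the statement simply breaks; with a crafted input the query's
// meaning would change, which is the injection risk the thread refers to.
try {
    $rows = $pdo->query("SELECT id, role FROM users WHERE name = '$name'")->fetchAll();
    echo "unsafe query returned " . count($rows) . " row(s)\n";
} catch (\PDOException $e) {
    echo "unsafe query failed: " . $e->getMessage() . "\n";
}

// Safe: the SQL text is fixed at prepare() time; execute() sends the values
// separately, so the driver treats them as data regardless of their content.
$stmt = $pdo->prepare('SELECT id, role FROM users WHERE name = ? AND role = ?');
$stmt->execute(array($name, 'user'));
foreach ($stmt->fetchAll(\PDO::FETCH_ASSOC) as $row) {
    echo "prepared query matched id={$row['id']} role={$row['role']}\n";
}
```

Run with `php example.php`: the interpolated query raises a syntax error while the prepared statement returns the O'Brien row, because the parameter value never becomes part of the SQL grammar.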
PHP General Mailing List (http://www.php.net/)