Re: [PHP] Trying to Play Catch-Up & get the Bigger Picture
- Date: Wed, 2 Mar 2016 14:28:01 -0500
- From: Aziz Saleh <azizsaleh@xxxxxxxxx>
- Subject: Re: [PHP] Trying to Play Catch-Up & get the Bigger Picture
On Wed, Mar 2, 2016 at 2:04 PM, Ashley Sheridan <ash@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Wed, 2016-03-02 at 08:50 -0800, dealtek@xxxxxxxxx wrote:
> > Hi all,
> > A bit of a layman - general question trying to get the bigger picture...
> > It has been a few years since I have used PHP with MySQL database. I
> > understand that the older original MySQL extension has been deprecated, in
> > favor of MySQLi or PDO_MySQL extensions.
> > Currently, I am looking into building some mobile-friendly Apps/Websites
> > and PHP and MySQL on the backend.
> > So the question is, big picture, what is the best way to interface with
> > MySQL for this purpose? Would I use:
> > - MySQLi
> > - PDO_MySQL (Am I correct in assuming that PDO is helpful if one may
> > need to move to another database system in the future?)
> > - or maybe web services REST
> > - or ???
> > Any links to this general subject would be helpful.
> > --
> > Thanks,
> > Dave - DealTek
> > dealtek@xxxxxxxxx
> > [db-15]
> Personally I'd always go with PDO, and not because it allows you to
> change the DB backend (I don't know anyone who's ever done this) but
> because it offers parameterised queries (prepared statements) to
> safeguard against a lot of injection attempts:
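> // The DSN, user name and password below are placeholders
> $pdo = new \PDO(
>     'mysql:host=localhost;dbname=example_db',
>     'db_user',
>     'db_password',
>     array(\PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'")
> );
> $statement = $pdo->prepare('SELECT * FROM table WHERE field1 = ? AND field2 = ?');
> $statement->execute(array(1234, 'some string'));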
> The beauty of this is you don't need to worry about the variables that
> you're passing in too much, PDO will sanitise them as required for the
> database backend you're using.
> You can also reuse the prepared statements, but that's a feature I've
> not used, as it usually indicates an issue with my PHP logic that I'm
> executing the same statement multiple times.
+1 for PDO
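
The point about parameterised queries made in this thread, as an added example (not code from either poster): the same hostile value is run through a concatenated query and a prepared statement, followed by the one case placeholders do not cover, identifiers. It assumes the pdo_sqlite extension so that it runs offline; the `users` table and all values are constructed.

```php
<?php
// Added example: constructed data in an in-memory SQLite database so it runs
// offline; the same PDO calls apply to the mysql: driver.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// One prepared statement reused for several executions.
$insert = $pdo->prepare('INSERT INTO users (name, email) VALUES (?, ?)');
foreach ([['alice', 'alice@example.test'], ['bob', 'bob@example.test']] as $row) {
    $insert->execute($row);
}

// Constructed hostile input, as it might arrive in a request parameter.
$name = "nobody' OR '1'='1";

// Unsafe: the value becomes part of the SQL text, so its quote characters
// rewrite the WHERE clause and every row matches.
$unsafe = $pdo->query("SELECT email FROM users WHERE name = '$name'")
              ->fetchAll(PDO::FETCH_COLUMN);

// Parameterised: the SQL text is fixed at prepare() time and the value is
// passed separately, so it is only ever compared as a string.
$select = $pdo->prepare('SELECT email FROM users WHERE name = ?');
$select->execute([$name]);
$safe = $select->fetchAll(PDO::FETCH_COLUMN);

printf("concatenated query: %d row(s)\n", count($unsafe));
printf("prepared statement: %d row(s)\n", count($safe));

// Placeholders bind values only. An identifier such as a sort column
// cannot be bound, so it is checked against a fixed list instead.
$allowed = ['name', 'email'];
$sort = 'email; DROP TABLE users'; // constructed hostile input
$column = in_array($sort, $allowed, true) ? $sort : 'name';
$sorted = $pdo->query("SELECT name FROM users ORDER BY $column")
              ->fetchAll(PDO::FETCH_COLUMN);
printf("ordered by %s: %s\n", $column, implode(', ', $sorted));
```

With the MySQL driver, PDO emulates prepared statements by default; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes it use server-side prepares.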