Web lists-archives.com

Re: [PHP] Trying to Play Catch-Up & get the Bigger Picture




On Wed, 2016-03-02 at 21:34 +0100, Christoph Becker wrote:
> On 02.03.2016 at 20:04, Ashley Sheridan wrote:
> 
> > On Wed, 2016-03-02 at 08:50 -0800, dealtek@xxxxxxxxx wrote:
> 
> >> So the question is, big picture, What is the best way to interface with MySQL for this purpose? Would I use:
> >>
> >> - MySQLi
> >> - PDO_MySQL (Am I correct in assuming that PDO is helpful if one may need to move to another database system in the future?)
> >>
> >> - or maybe web services REST
> >> - or ???
> >
> > Personally I'd always go with PDO, and not because it allows you to
> > change the DB backend (I don't know anyone who's ever done this) but
> > because it offers parameterised queries (prepared statements) to
> > safeguard against a lot of injection attempts:
> 
> MySQLi also offers prepared statements, see
> <http://php.net/manual/en/mysqli.prepare.php>. :)
> 

But you have to distinguish what's a string and what's a number
yourself, PDO just handles all of that automatically.

Thanks,
Ash

http://www.ashleysheridan.co.uk




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php