0

Just writing a PHP website and using mySqli for my database connectivity. Really enjoying it as I can use Prepare statements and then do a $result = $stmt->get_result(); which loads results into an associated array. However, thought it best be time to upload a few pages and the DB to hosting site to test speed and such to find that it does not support the $stmt->get_result(); command, having it needing to use the mysqlnd driver which my host does not support.

Looking into this nor does many host providers either. Now when I started the website I looked back at some of my old PHP code and apparently the normal mySql code that I used to use has become obsolete and was told on the internet to use mySQLi instead only to find that support for this is dropping to?! so it would see, so what is the best mySql connectivity to use?

Cliff
  • 75
  • 1
  • 7

2 Answers2

6

I would not use any old mysql connectors at all. They are deprecated due to huge gaping security holes. As for whether you want to use prepared statements using mysqli or PDO, that is a matter of choice; they both are pretty secure. mysqli is good as long as you use prepared statements and don't rely on escaping your variables (which is a huge pain and easy to make a mistake, so therefore not as secure).

The advantages of using PDO is that is easier to move between different database types (e.g. if you want to work with Oracle or SQL Server or PostreSQL) it is easier to make the transition, and it is far more powerful if you like to work with classes. On this site you will generally find more people who prefer PDO.

Also as for support for mysqlnd? See below documentation from the official site:

PHP 5.4 has mysqlnd as default

As of PHP 5.4, the mysqlnd library is a php.net compile time default to all PHP MySQL extensions. Also, the php.net Windows team is using mysqlnd for the official PHP Windows distribution since mysqlnd became available in PHP 5.3

In other words, those web host providers are behind the times. You might want to look for a better one.

nomistic
  • 2,677
  • 4
  • 16
  • 34
2

Vague question, but considering the the heading, mysqli and PDO are same thing (almost same).

PDO is platform independent but mysqli is only for mysql database engine. if you are not going to make corporate level applications like some SaaS app then I suggest use mysqli.

If your app is always gonna be php & mysql, then why bother using PDO? There is not much benefit in using it.

I disagree with nomistic that mysqli is not as secure. Both PDO and mysqli can have non prepared queries. Both are equally secure.

PDO have one benefit I like, Named Parameter in prepared statements. So PDO is 1 step ahead.

Yo may like this post: pdo-vs-mysqli-which-should-you-use

Bsienn
  • 1,312
  • 2
  • 18
  • 30
  • 2
    I did not say it was not as secure, except for the possibility of human error in coding. I said that the danger of the human element within using escaped values can lead to a mistake. As long as you use prepared statements, it is just as secure :) – nomistic Apr 11 '15 at 20:53