3

Since I found information that PHP's MySQL extension has some potential security weaknesses and it's pretty old, should I not bother with learning it and just check out the PDO and MySQLi extensions?

Is there any real difference between them?

Will learning all three give me a benefit, or is it enough to learn just one or two of them?

How do they differ, except that one is procedural and the other is OO (the 2nd and 3rd extensions, I mean)?

Tool
  • 2
    When the decision is between mysql and pdo, then the answer is pdo. It's a different story when you ask for mysqli and pdo. Then the answer would be, learn pdo if you need the abstraction, but learn mysqli when you know your db won't change. – Gordon Dec 17 '10 at 16:18
  • @Gordon what would the benefit be of using mysqli when you know your db won't change? Does it offer any benefits over PDO such as improved performance? – Caltor Nov 24 '11 at 10:19
  • @Caltor see http://stackoverflow.com/questions/13569/mysqli-or-pdo-what-are-the-pros-and-cons – Gordon Nov 24 '11 at 10:27
  • @Gordon I typically found that too after I posted the comment above. Thanks though. Looks like general consensus is PDO is much better but mysqli has marginal speed benefit. – Caltor Nov 24 '11 at 17:52

2 Answers

4

MySQL and MySQLi act almost exactly the same. I don't know that you can say "learn one over the other". Really, there isn't a problem with security with the standard MySQL extension as long as you know what you're doing; mainly, using mysql_real_escape_string.

PDO is good, and I actually do recommend it though. Using prepared statements eliminates the need for using m_r_e_s().

All three extensions are not at all difficult to learn. The most difficult part (which is library independent) is learning SQL.

simshaun
  • 2
    The `MySQLi` extension has full support for prepared queries as well. The only way I'd give support for PDO *over* MySQLi is if you're using multiple database platforms (where the common syntax means only one thing to learn). Otherwise, it's personal preference which you use as both are fully capable... – ircmaxell Dec 17 '10 at 16:10
1

I would highly recommend using PDO in all new projects for maintainability reasons.

The easiest way to think about this is to turn the tables (I've been playing Phoenix Wright games again). If you're coming in as a maintenance programmer on a system that uses Postgres, would you rather have to learn the Postgres PHP extension, or just apply the PDO knowledge you already have?

Powerlord
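
The prepared-statement approach mentioned in the first answer and the portability argument in the second, shown together as an added example (not code from either answer). The `users` table, the function names and the sample values are constructed for illustration, and it assumes the `pdo_sqlite` driver is available so it runs without a database server:

```php
<?php
// Added example: table, function names and sample data are hypothetical.
declare(strict_types=1);

function addUser(PDO $pdo, string $name): void
{
    // The SQL text is fixed; $name travels as a bound value and is never
    // spliced into the statement, so no escaping function is involved.
    $stmt = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
}

function findUserByName(PDO $pdo, string $name): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In-memory SQLite keeps the example runnable offline. Against MySQL only
// the DSN and credentials change; the two functions above stay the same.
// With the MySQL driver, PDO::ATTR_EMULATE_PREPARES => false makes PDO use
// server-side prepared statements instead of client-side emulation.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed sample input, including quote characters and SQL syntax.
$samples = ['alice', "O'Brien", "x' OR '1'='1"];
foreach ($samples as $name) {
    addUser($pdo, $name);
}

// Each lookup matches only the row holding that literal string.
foreach ($samples as $name) {
    $row = findUserByName($pdo, $name);
    printf("%-15s -> id %d\n", $name, $row['id']);
}

// A value that was never stored matches nothing, whatever quotes it contains.
var_dump(findUserByName($pdo, "' OR ''='"));

$count = (int) $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn();
echo "rows in table: $count\n";
```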