On 10/17/12 10:17 AM, Matijn Woudt wrote:
On Wed, Oct 17, 2012 at 1:25 AM, Larry Garfield <la...@garfieldtech.com> wrote:

For the love of god, please stop using ext/mysql (aka the mysql_*
functions).  It's insecure and slow and lacks features.

Instead, use PDO, and bind your parameters.  As a nice bonus, the result
from a PDO-based query is not a raw resource but an iteratable object, which
means you can foreach() it.


$conn = new PDO(...);
$result = $conn->query("SELECT * FROM items");
foreach ($result as $record) {
   // Do something with each record here.

--Larry Garfield

Yes, the mysql extension is deprecated, but what's wrong with mysqli?
mysqli has the advantage that you don't need to keep a database handle
floating around, but you can just use mysqli_query everywhere.
When having multiple files and classes, it's terrible to pass $db to
each function/class, and I hate to use the global keyword.

just use while($record = $result->fetch_array()) instead of
foreach($result as $record)

And you mention ext/mysql is slow, well don't know about that, but PDO
is a bit slower than mysqli atleast.
I quote from [1]:
"For inserts, there was no significant difference between MySQLi and
PDO (prepared statements or not). For selects, MySQLi was about 2.5%
faster for non-prepared statements and about 6.7% faster for prepared
statements. "

- Matijn

[1] http://jnrbsn.com/2010/06/mysqli-vs-pdo-benchmarks

Nothing is wrong with mysqli per se. It's up to date and secure, and certainly better than ext/mysql. I recommend PDO over mysqli because:

1) PHP-engine-level global state (ie, not specifying a connection) is the source of most (although not quite all) evil. Really, that way lies pain once you get into anything reasonably complicated and want to be able to test it properly.

2) PDO is installed by default on virtually every PHP system in the world. ext/mysqli has never been part of the default build of PHP, and many to most web hosts don't have it installed.

3) mysqli's API is a bizarre hybrid of procedural and OO that confuses the heck out of me. PDO's is far from perfect, but is more consistent and cleanly OO from the get-go.

I skipped mysqli entirely and went straight to PDO when it became available.

--Larry Garfield

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to