On Nov 8, 2007, at 9:58 AM, Anthony Wlodarski wrote:
> I usually created my SQL queries using sprintf() and
> mysql_real_escape_string(), but this morning through an associate I
> was informed of this thing called PDO shipping with PHP 5.1 and
> higher. I did a little research on what it does and was thrilled
> about the potential uses for it. My question, though, is: what are its
> potential uses? I had a chance to preview bindParam for prepared
> statements and was like, this is awesome! Also, does PDO help escape
> strings, or is something like mysql_real_escape_string() always a
> necessity?

I believe PDO bindParam works the same as prepared statements in
mysqli. So mysql_real_escape_string isn't necessary. It's done
internally. The advantage of PDO over mysqli is that it's portable to
other databases. You do get a little overhead vs. working with mysqli
directly. But you know your code is portable. Was anyone else
completely annoyed by the way most of the params were switched between
mysql and mysqli, where the db link was required and put as the first
param in most functions?

Some notes about why to use emulated instead of native prepared
statements by Wez Furlong (Digg developer):
http://netevil.org/blog/2006/apr/using-pdo-mysql

PDO is faster than most libraries that provide database abstraction
(like the PEAR libraries). ADOdb is comparable if you make use of
ADOdb's C extension.
http://joseph.randomnetworks.com/archives/2006/04/04/php-database-functions-vs-peardb-vs-adodb

MySQL is supposed to be developing a native PHP driver (instead of using
C to interface with libmysql) for mysqli and eventually PDO, which
should be awesome:
http://blogs.mysql.com/kaj/?p=71
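
The bound-parameter approach discussed in this thread, as an added example that is not part of the original messages. It assumes the pdo_sqlite extension so it runs offline; the table, the helper functions `countBound()` and `countQuoted()`, and the sample inputs are constructed for illustration.

```php
<?php
// Added example. Assumes the pdo_sqlite extension; table, columns and sample
// values are constructed for illustration.
$db = new PDO('sqlite::memory:');   // a "mysql:host=...;dbname=..." DSN would use the same calls below
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');

// bindParam() binds by reference: the variables are read when execute() runs,
// so one prepared statement serves every row.
$insert = $db->prepare('INSERT INTO users (name, role) VALUES (:name, :role)');
$insert->bindParam(':name', $name, PDO::PARAM_STR);
$insert->bindParam(':role', $role, PDO::PARAM_STR);
foreach ([["O'Reilly", 'admin'], ['alice', 'user'], ['bob', 'user']] as $row) {
    $name = $row[0];
    $role = $row[1];
    $insert->execute();
}

// Lookup with a bound value: the input travels as data, never as SQL text.
function countBound(PDO $db, string $input): int
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE name = :name');
    $stmt->bindValue(':name', $input, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

// The sprintf() habit carried over to PDO: safe only while every value goes
// through PDO::quote(). Forgetting it once reopens the injection.
function countQuoted(PDO $db, string $input): int
{
    $sql = sprintf('SELECT COUNT(*) FROM users WHERE name = %s', $db->quote($input));
    return (int) $db->query($sql)->fetchColumn();
}

// Constructed inputs: a legitimate name containing a quote, and a string
// shaped like a classic injection attempt.
foreach (["O'Reilly", "x' OR '1'='1"] as $input) {
    printf("%-16s bound=%d quoted=%d\n", $input, countBound($db, $input), countQuoted($db, $input));
}
```

Both helpers treat the input as a literal name; the difference is that the bound version has no code path where an unescaped value can reach the SQL string.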