PDO - If you are not using it, you are a fool


webdevuser

Hello guys,

It is my first thread here, I did not intend to make one, but I saw a lot of you are using

mysql_connect()
mysql_query()

please, don't!

PDO : PHP Data Objects

If you read this article:

http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/

you will probably understand why you should be using PDO, and if you still don't, please ask, I will do my best to convert you to use better programming practices ;)

Edited by Danny.Domb

If I don't use it, I am a fool?!!! Isn't that a bit harsh? Since you have brought it up, what exactly happens if I don't use it? Will my coding fall apart if I don't use it?

Yeah, maybe it is a bit harsh, but it is catchy as hell for a title ;)

Basically, in the long term, yes it will. Don't get me wrong, it won't fall apart in a month, but let's say PHP were to release the final version of PHP 5.5 tomorrow and your host updated their servers: that pretty much means that every time a user loaded a page, for every request made you would have a warning in your logs.

Also, depending on how many requests are made (you can Google it if you don't believe me), it will relieve the stress on your server by up to 30%... which in the long term means a lot of resources saved.

Every prepared request made through PDO is almost 100% perfectly safe (nothing, and I mean nothing, is ever 100% safe).

So, yeah... why are you not using it, PDO is better than mysql_* functions in every way...


Hmmm, now that you have explained it, it sounds like something worth exploring. Now, I have a very limited knowledge of php. So please bear with me while I try to get my head round this PDO thing. Does it work like a routing kind of thing?

Yeah, it does work LIKE a routine, but it is not. Every time you send a request to your database, it is analysed, so imagine the following code:

for ($i = 0; $i < 1000; $i++)
{
    mysql_query('INSERT INTO table (value) VALUES ('.mysql_real_escape_string($i).');');
}

you have just done a thousand queries... which is slow for 2 main reasons:

First of all, MySQL will analyze your query every time to understand what it has to do (INSERT DATA, which table, which columns);

and

mysql_real_escape_string will use non optimized functions to make sure the data inserted by the user is "safe".

VS the following

$sth = $dbh->prepare('INSERT INTO table (value) VALUES (:value)');

for ($i = 0; $i < 1000; $i++)
{
    $sth->bindValue(':value', $i);
    $sth->execute();
}

Where PDO will prepare your request to MySQL, so instead of being analyzed 1000X it is only analyzed once.

Then, bindValue will always make sure the data inserted is 100% safe from SQL injections.

Also, PDO allows you to begin a transaction and roll back or commit the modifications if there was an error, allowing you more control over what data is sent to your database.

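The prepared-statement loop and transaction handling described in the post above, as an added example that is not part of the original thread. It uses an in-memory SQLite database so it runs without a server; the `items` table and the `insertAll()` and `countItems()` helpers are hypothetical names chosen for illustration.

```php
<?php
// Added example. Assumes the pdo_sqlite extension; table and helper names are illustrative.
$dbh = new PDO('sqlite::memory:');
// Throw exceptions on errors so a failed statement cannot go unnoticed.
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false so the
// statement is prepared on the server rather than emulated client-side.
$dbh->exec('CREATE TABLE items (value TEXT NOT NULL)');

/** Insert every value in one transaction; roll back all of them on any failure. */
function insertAll(PDO $dbh, array $values): bool
{
    // Parsed once, executed once per value.
    $sth = $dbh->prepare('INSERT INTO items (value) VALUES (:value)');
    $dbh->beginTransaction();
    try {
        foreach ($values as $v) {
            $sth->bindValue(':value', $v, PDO::PARAM_STR);
            $sth->execute();
        }
        return $dbh->commit();
    } catch (PDOException $e) {
        $dbh->rollBack();
        error_log('insert batch rolled back: ' . $e->getMessage());
        return false;
    }
}

function countItems(PDO $dbh): int
{
    return (int) $dbh->query('SELECT COUNT(*) FROM items')->fetchColumn();
}

// Constructed input: the second value is a classic injection string.
// Bound values travel as data and are never parsed as SQL, so it is stored verbatim.
$ok = insertAll($dbh, ['widget', "x'); DROP TABLE items; --"]);
printf("batch 1 committed=%s rows=%d\n", var_export($ok, true), countItems($dbh));

// null violates NOT NULL, so the whole batch (including 'a') is rolled back.
$ok = insertAll($dbh, ['a', null, 'b']);
printf("batch 2 committed=%s rows=%d\n", var_export($ok, true), countItems($dbh));
```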


The best thing about using PDO is: less code and less worry.

With the traditional mysql set of instructions, which are now presumed to have faded away, we had to take care of all kinds of possible SQL injections (and this was really hectic in case you did not have a correctly coded and prepared library). With PDO, things have become much easier.

Again, with PDO, changing the database to MySQL or Oracle or even MSSQL (practically any other) means changing just one or two lines of code.


  • Administrators

That's interesting, didn't know this.

So, still wondering: are there any pros/cons between mysqli and PDO?


Well, I think this link from NetTuts should clarify better:

http://net.tutsplus.com/tutorials/php/pdo-vs-mysqli-which-should-you-use/

One simpler reason is the fact that MySQLi works only with the MySQL database (though I have never used MySQLi, the page above says so); however, PDO supports many databases (12 as per the page above). Now this makes things easier when, in future, the website or the owners need to change the database. In PDO only a few (3 or 4) lines might be required to be changed, all other code remains the same; unlike with MySQLi or even MySQL.
