webdevuser

PDO - If you are not using it, you are a fool

Hello guys,

It is my first thread here, I did not intend to make one, but I saw a lot of you are using

mysql_connect()
mysql_query()

please, don't!


PDO : PHP Data Objects

 

If you read this article :

http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/

 

you will probably understand why you should be using PDO, and if you still don't, please ask, I will do my best to convert you to use better programming practices ;)

Edited by Danny.Domb

If I don't use it, I am a fool?!!! Isn't that a bit harsh? Since you have brought it up, what exactly happens if I don't use it? Will my coding fall apart if I don't use it?

 

Yeah, maybe it is a bit harsh, but it is catchy as hell for a title ;)

 

Basically, in the long term, yes it will. Don't get me wrong, it won't fall in a month, but let's say PHP were to release the final version of PHP 5.5 tomorrow and your host updated their servers: that pretty much means that every time a user loaded a page, for every request made you would have a warning in your logs.

Also, depending on how many requests are made (you can Google it if you don't believe me), it will relieve the stress on your server by up to 30%... which in the long term means a lot of resources saved.

Every prepared request made through PDO is almost 100% perfectly safe (nothing, and I mean nothing, is ever 100% safe).

 

So, yeah... why are you not using it, PDO is better than mysql_* functions in every way...


Hmmm, now that you have explained it, it sounds like something worth exploring. Now, I have a very limited knowledge of php. So please bear with me while I try to get my head round this PDO thing. Does it work like a routing kind of thing?

Yeah, it does work LIKE a routine, but it is not. Every time you send a request to your database, it is analysed, so imagine the following code:

 

for ($i = 0; $i < 1000; $i++)
{
    mysql_query('INSERT INTO table (value) VALUES ('.mysql_real_escape_string($i).');');
}

 

You have just done a thousand queries... which is slow for 2 main reasons:

First of all, MySQL will analyze your query every time to understand what it has to do (INSERT DATA, which table, which columns);

and

mysql_real_escape_string will use non-optimized functions to make sure the data inserted by the user is "safe".

 

VS the following

 

$sth = $dbh->prepare('INSERT INTO table (value) VALUES (:value)');

for ($i = 0; $i < 1000; $i++)
{
    $sth->bindValue(':value', $i);
    $sth->execute();
}

 

Here PDO will prepare your request to MySQL, so instead of being analyzed 1000x it is only analyzed once.

Then, bindValue will always make sure the data inserted is 100% safe from SQL injection.

Also, PDO allows you to begin a transaction and roll back or commit the modifications if there was an error, allowing you more control over what data is sent to your database.

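The prepared-statement loop and transaction described in the post above, as an added example that is not part of the original thread. It assumes an in-memory SQLite database and a hypothetical `items` table so it runs offline, and it adds a hypothetical `orderColumn` helper for the one thing a placeholder cannot carry: an identifier.

```php
<?php
// Added example; not code from the thread. Assumptions: an in-memory SQLite
// database so it runs offline, and a hypothetical table "items".
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if ($dbh->getAttribute(PDO::ATTR_DRIVER_NAME) === 'mysql') {
    // The MySQL driver emulates prepares by default; switch that off so the
    // server parses the statement once and receives the values separately.
    $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
}
$dbh->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, value TEXT NOT NULL)');

// Insert a batch atomically: every row is stored, or none is.
function insertBatch(PDO $dbh, array $values): bool
{
    $sth = $dbh->prepare('INSERT INTO items (value) VALUES (:value)');
    $dbh->beginTransaction();
    try {
        foreach ($values as $v) {
            $type = $v === null ? PDO::PARAM_NULL : PDO::PARAM_STR;
            $sth->bindValue(':value', $v, $type); // bound as data, never parsed as SQL
            $sth->execute();
        }
        return $dbh->commit();
    } catch (PDOException $e) {
        $dbh->rollBack(); // undo the rows already inserted in this batch
        return false;
    }
}

// Placeholders carry values only. A column name cannot be bound, so pick it
// from a fixed allow-list instead of concatenating request input.
function orderColumn(string $requested): string
{
    return in_array($requested, ['id', 'value'], true) ? $requested : 'id';
}

// Constructed sample input; the second entry is an injection-style string.
$batch = ['widget', "x'); DROP TABLE items; --", 'gadget'];
var_dump(insertBatch($dbh, $batch));           // did the batch commit?
var_dump(insertBatch($dbh, ['orphan', null])); // NULL violates NOT NULL

$col  = orderColumn('value; DROP TABLE items'); // not on the allow-list
$rows = $dbh->query("SELECT value FROM items ORDER BY $col")
            ->fetchAll(PDO::FETCH_COLUMN);
var_dump($rows === $batch); // compares stored rows with the committed batch
```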

The best thing about using PDO is: less code and less worry.

With the traditional mysql set of instructions, which are now presumed to have faded away, we did have to take care of all kinds of possible SQL injections (and this was really hectic in case you did not have a correctly coded and prepared library). With PDO, things have become much easier.

Again, with PDO, changing the database to MySQL or Oracle or even MSSQL (practically any other) means changing just one or two lines of code.


That's interesting, I didn't know this.

So, still wondering: are there any pros/cons between mysqli and PDO?

Well, I think this link from NetTuts should clarify better -

http://net.tutsplus.com/tutorials/php/pdo-vs-mysqli-which-should-you-use/

 

One simpler reason is the fact that MySQLi works only with the MySQL database (though I have never used MySQLi, the page above says so); PDO, however, supports many databases (12 as per the page above). Now this makes things easier when, in future, the website or the owners need to change the database. In PDO only a few (3 or 4) lines might need to be changed and all other code remains the same, unlike with MySQLi or even MySQL.


I could say you have a point, but I don't believe it's all that necessary. There are just a lot of options out there on what to do/don't.

I like both to be honest, but PDO is something I learnt about prior to mysqli, so I'll have to go with it.
