Recently the PHP manual started showing the following warning on every mysql function page:
Use of this extension is discouraged. Instead, the MySQLi or
PDO_MySQL extension should be used. See also MySQL: choosing an API
guide and related FAQ for more information...
MySQLi used to be very buggy, but have they improved it so that it's finally worthy of its name? Is that why they're abandoning the MySQL extension and trying to get people to use MySQLi?
Actually, I would like to use MySQLi if it's not buggy anymore. It has more features and it's object oriented.
Any comments on this?
//EDIT: What I want to know is if it's OK to use MySQLi. Or is it still buggy? Should I go with PDO instead?
Yes. Since (very) long. We now have mysqli, or better yet, PDO.
I wouldn't lock myself into mysqli, I'd prefer PDO. Beside the easier migration it offers from one database system to another, it also offers better error handling.
What I want to know is if it's OK to use MySQLi. Or is it still buggy?
MySQLi itself is quite bug-free and it's used in production.
Should I go with PDO instead?
If your only argument for using mysqli is its similarity to mysql, then you'd probably not use mysqli to its full potential anyway. If you want to use mysqli to its full potential, then you'd have to start learning "anew" (it's not terribly much to learn, you know). If you start learning some new tool from "scratch", then why not learn the better alternative - PDO, in the first place?
On the other side, PDO is not perfect either. With PDO, you cannot access MySQL specific APIs (such as post-construct set_charset, infile settings, async queries, OUT params from prepared statements). Also, you should set it to do true prepared statements if you need them.
The PHP MySQLi is an MySQL Improved Extension.
The mysqli extension allows you to access the functionality provided by MySQL 4.1 and above.
You can compare both of them at The MySQLi Extension Function Summary.
If you are searching for a future proof solution, object oriented, the way to go is PHP PDO.
The PHP Data Objects (PDO) extension defines a lightweight, consistent interface for accessing databases in PHP. Each database driver that implements the PDO interface can expose database-specific features as regular extension functions.
...
PDO provides a data-access abstraction layer, which means that, regardless of which database you're using, you use the same functions to issue queries and fetch data.
Yes you can go with MySQLi and what you write is true, the API allows an easy change from the MySQL API.
For new projects it's recommended to not use ext/mysql any longer, but to use ext/mysqli or PDO_MySQL.
As you have not written what was buggy for you back in 2009, it's hard to say if these bugs are gone. I would assume so, but, well, check for yourself.
You might want to also use ext/mysqli with the MySQL native driver instead of the MySQL client server library (libmysql).
It was about time. The mysql API, though easy to use, suffers from many problems. Arguably the worst problem is the complete lack of support for prepared statements, which forces you to piece together bits of SQL through string operations. This is not only slow but also a major source of SQL injection vulnerabilities.
One of the advantages of PDO over MySQLi is that you'll find that you don't have to learn a new API when you decide to use a different DBMS in a future project.
Related
hello I have an assignment that asking me to give at least one disadvantage of using php's MySQLi library over php's MySQL .. I don't see any .. can any one give me some disadvantage because I can never find one
MySQLi has this feature called prepared statements which is nothing but a safer way of sending data to MySQL and protecting yourself from getting hacked using SQL injection. This is the foremost reason why one should always prefer MySQLi over MySQL.
MySQLi extension has been specifically developed to take advantage of the new features available in MySQL Server version 4.1.3 and above. So the thing is if you still use the MySQL extension then you might not be able to take full advantage of the new MySQL server features.
MySQLi is object orientated and a lot has already been talked about how useful Object Oriented programming is.
MySQLi supports multiple Statements, Complex Transaction statements and has enhanced debugging capabilities and embedded server support.
This question already has answers here:
mysqli or PDO - what are the pros and cons? [closed]
(13 answers)
Closed 1 year ago.
Just writing a PHP website and using mySqli for my database connectivity. Really enjoying it as I can use Prepare statements and then do a $result = $stmt->get_result(); which loads results into an associated array. However, thought it best be time to upload a few pages and the DB to hosting site to test speed and such to find that it does not support the $stmt->get_result(); command, having it needing to use the mysqlnd driver which my host does not support.
Looking into this nor does many host providers either. Now when I started the website I looked back at some of my old PHP code and apparently the normal mySql code that I used to use has become obsolete and was told on the internet to use mySQLi instead only to find that support for this is dropping to?! so it would see, so what is the best mySql connectivity to use?
I would not use any old mysql connectors at all. They are deprecated due to huge gaping security holes. As for whether you want to use prepared statements using mysqli or PDO, that is a matter of choice; they both are pretty secure. mysqli is good as long as you use prepared statements and don't rely on escaping your variables (which is a huge pain and easy to make a mistake, so therefore not as secure).
The advantages of using PDO is that is easier to move between different database types (e.g. if you want to work with Oracle or SQL Server or PostreSQL) it is easier to make the transition, and it is far more powerful if you like to work with classes. On this site you will generally find more people who prefer PDO.
Also as for support for mysqlnd? See below documentation from the official site:
PHP 5.4 has mysqlnd as default
As of PHP 5.4, the mysqlnd library is a php.net compile time default
to all PHP MySQL extensions. Also, the php.net Windows team is using
mysqlnd for the official PHP Windows distribution since mysqlnd became
available in PHP 5.3
In other words, those web host providers are behind the times. You might want to look for a better one.
Vague question, but considering the the heading, mysqli and PDO are same thing (almost same).
PDO is platform independent but mysqli is only for mysql database engine. if you are not going to make corporate level applications like some SaaS app then I suggest use mysqli.
If your app is always gonna be php & mysql, then why bother using PDO? There is not much benefit in using it.
I disagree with nomistic that mysqli is not as secure.
Both PDO and mysqli can have non prepared queries. Both are equally secure.
PDO have one benefit I like, Named Parameter in prepared statements. So PDO is 1 step ahead.
Yo may like this post:
pdo-vs-mysqli-which-should-you-use
I'm using PDO and I got this message, but from what I found I thought PDO actually implemented mysqli.
You are using PHP's deprecated 'mysql' extension, which is not capable
of handling multi queries. The execution of some stored routines
may fail! Please use the improved 'mysqli' extension to avoid any
problems.
Why do I get this message, then?
This is almost like asking what's the difference between DOMDocument and SimpleXML or what's the difference between php and python. They're different libraries, although they're both for interfacing with a MySQL database server.
PHP has done quite a nice job of cataloging the differences
Mysql doesn't support for running multiple queries at a time. Mysql also doesn't support for prepared statement. Because of that you have to use Mysqli, it supports both.
There are a lot of discussion on this topic previously. You better search on the Internet (Even only in the Stackoverflow).
Like:
What is difference between mysql,mysqli and pdo?
Difference between mysqli and mysql?
You need to do more research man. Think critically and be a programmer. ;)
I thought PDO actually implemented mysqli.
Nice question but false though.
PDO implements the interface so that you can use all Database System. So, it just can't implement some features from mysqli as they require some special features that are not yet emulated for SQLite for example ! You can find similar issues when you compare PDO and pgsql_ API.
There is a tutorial I'd like to follow which has some great reviews. The only problem being it makes use of MySQLi instead of MySQL. I only have access to MySQL.
Are there big enough differences to warrant looking for a straight PHP-MySQL tutorial or is it worth just going with this one and making changes myself?
I would say I am a 'beginner' with both PHP and MySQL, but can find my way around the code fine, apply CRUD etc so not completely new.
MySQLi is PHP's "improved" MySQL driver. Meaning it will take full advantage of MySQL servers version higher than 4.1.3.
Then underlaying MySQL server would be the same, using the old MySQL interface or the newer MySQLi, so everthing should remain valid if you are following a MySQL tutorial on a MySQLi interface.
In your case, you should pay attention to MySQLi only stuff since they won't be avaliable to you.
Quote from the official website:
What is PHP's mysqli Extension?
The mysqli extension, or as it is
sometimes known, the MySQL improved
extension, was developed to take
advantage of new features found in
MySQL systems versions 4.1.3 and
newer. The mysqli extension is
included with PHP versions 5 and
later.
The mysqli extension has a number of
benefits, the key enhancements over
the mysql extension being:
Object-oriented interface
Support for Prepared Statements
Support for Multiple Statements
Support for Transactions
Enhanced debugging capabilities
Embedded server support
It shouldn't be too hard to make the necessary adjustments. If you look at PHP's MySQL functions vs the MySQLi functions functions the main difference is that MySQLi is an object-oriented interface. Converting back to the regular MySQL functions is usually quite easy, for example: $rs->affected_rows becomes mysql_affected_rows($rs).
As #hexa pointed out, there are a couple things in MySQLi that the old interface doesn't support, such as prepared queries. If the tutorial involves those, it's not that hard to convert them to regular queries, it's just a bit of a hassle.
I've been using ADODB for PHP on several projects for quite some time, and I like it for the ease of use and the efficiency.
I've never been too curious about the way that lib accesses data because you know...it just worked :) But today I realized I'm still relying on the legacy MySQL4 ADODB drivers. I'm using MySQL 5.x, and it would probably be better if I started using a recent driver with ADODB.
But there are two drivers I could use :
adodb-mysqli.inc.php
adodb-pdo_mysql.inc.php
From what I read mysqli is pretty similar to the old mysql extension, optimized for MySQL5, while PDO is a layer between PHP and various DB systems (including MySQL of course).
Which one of these driver do you use ? Which one do you think I should use, and more importantly why should I prefer mysqli over PDO_mysql (or the opposite) ?
Answer : After a few days and some deep code reading, I ended up using the "adodb-mysqli.inc.php" driver. On a kinda-trafic-heavy site, I noticed the DB load went slightly down, and the network trafic between the web server and the db server went down by about 6.5%, which is good.
The PDO-mysql driver is probably pretty good too, but as said below, it doesn't make much sense to use ADODB over PDO. So mysqli it is.
All tests point towards PDO being the most efficient and the fastest driver. I do not know, however, if it makes sense to use PDO over AdoDB
I may be wrong but from what I remember of looking at the drivers, binding of variables in statements is emulated in the adodb mysqli driver despite the mysqli extension supporting binding. The pdo_mysql driver does however do the binding using the extension, so if you are using this you may get better performance.
Also might be worth adding that I think if you want to use the pdo drivers with adodb you have to use a different connection syntax and pass a DSN, there was an example in the docs. I struggled to get it to work for a bit because I didn't read this.