First, let's begin with the standard comment we give everyone:
Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
Let's go through this, sentence by sentence, and explain:
- They are no longer maintained, and are officially deprecated
  This means that the PHP community is gradually dropping support for these very old functions. They are likely to not exist in a future (recent) version of PHP! Continued use of these functions may break your code in the (not so) far future.
  NEW! - ext/mysql is now officially deprecated as of PHP 5.5!
  Newer! ext/mysql has been removed in PHP 7.
- Instead, you should learn of prepared statements
  The mysql_* extension does not support prepared statements, which are (among other things) a very effective countermeasure against SQL injection. Prepared statements fix a very serious vulnerability in MySQL-dependent applications which allows attackers to gain access to your script and perform any possible query on your database. For more information, see How can I prevent SQL-injection in PHP?
- See the Red Box?
  When you go to any mysql function manual page, you see a red box explaining that it should not be used anymore.
- Use either PDO or MySQLi
  There are better, more robust and well-built alternatives: PDO - PHP Database Object, which offers a complete OOP approach to database interaction, and MySQLi, which is a MySQL-specific improvement.
##############################################################
Disclaimer: The best answers from stackoverflow.com have been listed here.