"mysql" is the oldest MySQL driver. It was replaced with mysqli, which supports an OO interface, prepared statements (via mysqli::prepare) and many other improvements. Note that the old mysql driver has its own quoting function (mysql_real_escape_string), but prepared statements are the more modern approach because they leave less room for mistakes and are easier to use, from a security standpoint. Even newer than mysqli is PDO, which has even more features, such as a broader prepared statement interface (with mysqli, you must bind the columns in a result of a prepared statement to variables; with PDO, you can simply fetch them as a row, as with mysql_fetch_row) and the result rows of a query can be iterated over in a foreach loop, since PDOStatement implements the Traversable interface.
PHP:
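// $db is an existing PDO connection
$query = $db->prepare('SELECT id, name, passwd, last_login FROM users WHERE name=?');
// the value is sent as a bound parameter, so no manual quoting is needed
$query->execute(array('fred'));
foreach ($query as $row) {
    // ...
}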
See "Writing MySQL Scripts with PHP and PDO" for a tutorial on using PDO.
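A fuller version of the lookup above, as an added example that is not part of the original post: it shows the bound parameter being treated purely as data and the statement being iterated with foreach. The in-memory SQLite DSN (requires the pdo_sqlite extension), the sample rows and the find_users() helper are assumptions made so that it runs without a MySQL server.

```php
<?php
// Added example: uses an in-memory SQLite database (assumption) so it runs
// without a MySQL server; with MySQL only the DSN passed to new PDO() changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

// Constructed sample data (placeholder values, not real credentials).
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, passwd TEXT, last_login TEXT)');
$insert = $db->prepare('INSERT INTO users (name, passwd, last_login) VALUES (?, ?, ?)');
foreach ([['fred', 'hash-1', '2024-01-01'], ["o'brien", 'hash-2', '2024-01-02']] as $user) {
    $insert->execute($user);
}

// Hypothetical helper: the name is only ever sent as a bound parameter,
// never concatenated into the SQL text.
function find_users(PDO $db, string $name): array
{
    $query = $db->prepare('SELECT id, name, last_login FROM users WHERE name = ?');
    $query->execute([$name]);
    $rows = [];
    foreach ($query as $row) {   // PDOStatement implements Traversable
        $rows[] = $row;          // each row arrives as an array, no bind_result step
    }
    return $rows;
}

// A quote inside the value needs no escaping, and a value shaped like SQL
// is compared as a plain string against the name column.
foreach (['fred', "o'brien", "x' OR '1'='1"] as $name) {
    printf("%-14s => %d row(s)\n", $name, count(find_users($db, $name)));
}
```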