PHP Classes

This is a good thing

Subject: This is a good thing
Summary: This is a good thing
Messages: 3
Author: Dave Wilson
Date: 2015-07-02 11:07:50
 

1. This is a good thing
Dave Wilson - 2015-07-02 11:07:50
We need to remind ourselves why mysql_connect is going away. First and foremost, it has bad garbage collection, especially in mysql_pconnect. Not to mention mysqli and PDO handle SQL injection prevention on their own, without the new developers having to sanitize input. While it does help new developers to learn this, many don't, so there's a lot of code floating around still vulnerable.

2. Re: This is a good thing
Dave Smith - 2015-07-02 12:39:28 - In reply to message 1 from Dave Wilson
While I agree that in the long run this change will be a good thing, there will be some blowback initially.

It is also probably not the best idea to leave new developers with the idea that they no longer need to sanitize user input. I believe the best practice is to use prepared statements over relying on MySQLi, which is still vulnerable.

Dave
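
The point made in message 2, as an added example that is not part of the thread: the same lookup written with mysqli string concatenation and with a mysqli prepared statement. It assumes a reachable MySQL server; the host, credentials, database name and the `users` table are placeholders.

```php
<?php
// Added example. Connection details and the `users` table are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Before: mysqli used the way mysql_query() was. The input becomes SQL text,
// so a quote character in $name changes the structure of the statement.
function find_user_concat(mysqli $db, string $name): array
{
    $result = $db->query("SELECT id, name FROM users WHERE name = '" . $name . "'");
    $rows = [];
    while ($row = $result->fetch_assoc()) {
        $rows[] = $row;
    }
    return $rows;
}

// After: prepared statement. The SQL text is fixed at prepare() time and the
// value is bound separately, so it is only ever compared as a string.
function find_user_prepared(mysqli $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $stmt->bind_result($id, $found);
    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = ['id' => $id, 'name' => $found];
    }
    $stmt->close();
    return $rows;
}

// Placeholder connection values; replace with a test database.
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
$db->set_charset('utf8mb4');
$db->query('CREATE TEMPORARY TABLE users (id INT PRIMARY KEY, name VARCHAR(64))');
$db->query("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");

// Constructed input containing a quote and an always-true condition.
$input = "nobody' OR '1'='1";

// The concatenated query matches every row because its WHERE clause was rewritten;
// the prepared query looks for a user literally named $input and matches none.
printf("concatenated: %d row(s)\n", count(find_user_concat($db, $input)));
printf("prepared:     %d row(s)\n", count(find_user_prepared($db, $input)));
```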

3. Re: This is a good thing
Dave Wilson - 2015-07-02 20:25:26 - In reply to message 2 from Dave Smith
Correct. And thus I feel that mysqli is still capable of inherently teaching these concepts, and still offers PDO as a more rock-solid solution. The great thing about mysqli over mysql is it has object-oriented and procedural methods, so it can be, in a sense, a better learning gateway towards OOP-based queries.