  #1 jackli (joined Sep 2005)

    PDO instead of mysql legacy functions

    I've been under the impression that using any objects/classes in PHP would create unnecessary overhead, but looking at PDO again, it seems like it's actually compiled into PHP - and is as fast as the mysql_ legacy functions?

    I know that PDO is db-language-independent, but does it do everything that mysql_real_escape_string would do in preventing injection attacks and other security issues?

    Is there any reason to use the mysql_ functions (and not PDO)?

    (The book I'm currently reading to learn about PDO is O'Reilly's PHP Cookbook, 2nd Ed by Adam Trachtenberg and David Sklar)

  #2 logic_earth (joined Oct 2005, CA)
    Quote Originally Posted by jackli:
    > I know that PDO is db-language-independent, but does it do everything that mysql_real_escape_string would do in preventing injection attacks and other security issues?
    Yup, and it does it correctly based on the data type of the db field. Prepared statements are the way to go really.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.
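    The difference between escaping into a concatenated query string and binding parameters to a prepared statement, as an added example that is not part of any post in this thread. It uses an in-memory SQLite database so it runs offline with stock PHP; the table, rows and the attacker-controlled `$password` value are constructed for the demonstration, and the `mysql:` DSN and `PDO::ATTR_EMULATE_PREPARES` remarks in the comments describe what changes when the same code talks to MySQL.

```php
<?php
// Added example, not code from the thread. Shows SQL injection through
// string concatenation versus a PDO prepared statement, plus the two
// cases where a placeholder alone is not enough: non-string values and
// identifiers.
declare(strict_types=1);

// In-memory SQLite so the script is self-contained. Against MySQL you
// would use a DSN like "mysql:host=...;dbname=...;charset=utf8mb4";
// stating the charset there matters for the same reason it mattered for
// mysql_real_escape_string(): escaping is charset-dependent.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also disable client-side emulation so the
// statement text and the parameter values reach the server separately.
// The SQLite driver always prepares natively, so this is a no-op here:
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)');
$pdo->exec("INSERT INTO users (name, password) VALUES ('alice', 'secret'), ('bob', 'hunter2')");

// Constructed attacker input: a single quote closes the literal, and the
// OR clause makes the WHERE condition true for every row.
$name = 'alice';
$password = "x' OR '1'='1";

// 1) Vulnerable: interpolating values into the SQL text, the pattern most
//    mysql_query() code ended up using. The quote in $password becomes
//    SQL syntax, so the condition collapses to "... OR '1'='1'".
$sql = "SELECT id, name FROM users WHERE name = '$name' AND password = '$password'";
$rows = $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
printf("concatenated query matched %d row(s)\n", count($rows));

// 2) Prepared statement: the SQL is parsed before any value is supplied,
//    so $password can only ever be compared as data. Nothing is escaped;
//    the value simply never touches the statement text.
$stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name AND password = :password');
$stmt->execute([':name' => $name, ':password' => $password]);
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
printf("prepared statement matched %d row(s)\n", count($rows));

// 3) Type matters where the SQL expects a number. Under emulated prepares
//    a LIMIT value bound as a string is sent as a quoted literal, which
//    MySQL rejects. Cast the untrusted value and bind it as PARAM_INT.
$limit = (int) ($_GET['limit'] ?? 1);
$stmt = $pdo->prepare('SELECT id, name FROM users ORDER BY id LIMIT :limit');
$stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
$stmt->execute();
print_r($stmt->fetchAll(PDO::FETCH_ASSOC));

// 4) Placeholders cannot stand in for identifiers or keywords (column
//    names, sort direction, table names). Those must be checked against a
//    fixed whitelist before being put into the statement text.
$allowed = ['id', 'name'];
$sort = $_GET['sort'] ?? 'id';
$orderBy = in_array($sort, $allowed, true) ? $sort : 'id';
$rows = $pdo->query("SELECT id, name FROM users ORDER BY $orderBy")->fetchAll(PDO::FETCH_ASSOC);
printf("whitelisted ORDER BY %s returned %d row(s)\n", $orderBy, count($rows));
```

    Running it from the command line, the concatenated query returns both users because `AND` binds tighter than `OR`, so the injected `'1'='1'` matches every row, while the prepared statement returns nothing because no user has the literal password `x' OR '1'='1`. Steps 3 and 4 are the limits of what a parameter can protect: a placeholder is a value slot, so anything that has to be part of the SQL grammar still needs validation in PHP.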


  #3 kyberfabrikken (joined Jun 2004, Copenhagen, Denmark)
    Quote Originally Posted by jackli:
    > I've been under the impression that using any objects/classes in PHP would create unnecessary overhead ..
    Technically speaking, objects incur a slight overhead, just like a function call incurs an overhead. It is diminishingly small however. With modern computers, which can churn out billions of instructions a second, a few extra doesn't make much difference. Especially in comparison to the overhead there is in querying a database, which is literally larger by several magnitudes. In short, don't worry about object oriented constructs causing any performance problems.

  #4 SpacePhoenix (joined May 2007, Poole, UK)
    I don't think it is quite 100% db-language independent as each SQL server has its own version of some commands. I've also heard that PDO can't do some things that the legacy ones can (I can't find a list of all the limitations in one place).
    Community Team Advisor

  #5 logic_earth (joined Oct 2005, CA)
    ^^^ That is because PDO is a "data-access abstraction layer" only.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


