Accessing mySQL Databases from PHP

The original interface for accessing mySQL databases from PHP that was around even before PHP 3 was released used procedural functions where the names start with mysql_

The release of PHP 5.0 on 13th July 2004 introduced an improved interface called MYSQLi that has both procedural and OOP variants. This was soon followed by another OOP alternative called PDO.

On 20th June 2013 the old mysql interface was deprecated (flagged as obsolete in preparation to be removed) with the introduction of PHP 5.5. By that point the two far superior interfaces had been around for almost nine years and had been the recommended way way to access mySQL for many years. This gave those who had not yet converted from the antiquated interface to one of the two newer ones almost two and a half years notice that they needed to convert their calls.

The introduction of PHP 7 currently scheduled for 3rd December 2015 carries out the second step of the deprecation process by removing support completely for the code previously flagged as obsolete.

What is really worrying is the number of people asking for help with their PHP database calls who appear to have failed to convert to one of the interfaces introduced over eleven years ago and still use the old interface even though it was flagged as obsolete over two years ago and will no longer exist in a few days. Fortunately for them they can still stick with the old PHP 5.6 version that does support the obsolete interface (at least until active support for it ends on 28th August next year) and so still have another six months to complete their conversion provided their hosting provider doesn’t force them to upgrade earlier than that.

If you are still using mysql_ calls then what are you waiting for - stop reading and get converting as you are already at least two and a half years behind in ensuring your code will continue to work next week.


Another note to add to @felgall’s post is that if you are thinking about converting to mysqli_*, by appending an i after mysql_ will not simply work. You have to actually understand how mysqli_* works and what to use and what not to use.

1 Like

I will add my 2 pennies.
We were working on a PERL script and my colleague was proud that he got a SQL query working using DBI (Similar to PDO).
Problem was he did not use BIND or placeholders, just standard injection ready queries, something like,
WHERE username = $_REQUEST['username']

I was surprised it worked but make sure you BIND with placeholders or you are defeating the purpose.

1 Like

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.