(Solved) Why shouldn’t I use mysql_* functions in PHP?

Solution

The mysql_* functions in PHP are deprecated and no longer supported. Because they offer no prepared statements, code built on them is prone to SQL injection attacks, which can be used to gain access to sensitive data. They are also not compatible with the newer versions of PHP, so using them leads to compatibility issues. For these reasons, it is best to avoid the mysql_* functions in PHP.


The MySQL extension:

  • Is not under active development
  • Is officially deprecated as of PHP 5.5 (released June 2013)
  • Has been removed entirely as of PHP 7.0 (released December 2015)
    • This means that as of 31 Dec 2018 it does not exist in any supported version of PHP. If you are using a version of PHP which supports it, you are using a version which doesn’t get security problems fixed.
  • Lacks an OO interface
  • Doesn’t support:
    • Non-blocking, asynchronous queries
    • Prepared statements or parameterized queries
    • Stored procedures
    • Multiple Statements
    • Transactions
    • The “new” password authentication method (on by default in MySQL 5.6; required in 5.7)
    • Any of the new functionality in MySQL 5.1 or later

Since it is deprecated, using it makes your code less future-proof.

Lack of support for prepared statements is particularly important as they provide a clearer, less error-prone method of escaping and quoting external data than manually escaping it with a separate function call.

See the comparison of SQL extensions.



The mysql_* functions in PHP are deprecated and should no longer be used. These functions were used to access and manipulate data stored in MySQL databases. However, they are no longer supported and have been replaced by the MySQLi and PDO extensions.

The main reason not to use the mysql_* functions is security. They do not support prepared statements, so every query has to be built by escaping and concatenating external data by hand, which leaves code open to SQL injection attacks that can be used to gain access to sensitive data.

The MySQLi and PDO extensions are more secure and provide better performance. They also support prepared statements, which can help protect against SQL injection attacks. Additionally, they provide an object-oriented interface, which makes it easier to work with databases.

In conclusion, the mysql_* functions should not be used in PHP. They are not secure and do not provide the same level of performance as the MySQLi and PDO extensions. It is recommended that you use the MySQLi or PDO extensions instead.