----- Original Message -----
From: "Ashley Sheridan" <ash@xxxxxxxxxxxxxxxxxxxx>
To: <dealtek@xxxxxxxxx>
Cc: "PHP List" <php-general@xxxxxxxxxxxxx>
Sent: Wednesday, March 02, 2016 8:04 PM
Subject: Re: Trying to Play Catch-Up & get the Bigger Picture
On Wed, 2016-03-02 at 08:50 -0800, dealtek@xxxxxxxxx wrote:
Hi all,
A bit of a layman - general question trying to get the bigger picture...
It has been a few years since I have used PHP with MySQL database. I
understand that the older original MySQL extension has been deprecated,
In favor of MySQLi or PDO_MySQL extensions..
Currently, I am looking into building so mobile friendly Apps/Websites
that use JavaScript (json - jQuery etc.) css and html5 on the front end,
And PHP and MySQL on the backend.
So the question is, big picture, What is the best way to interface with
MySQL for this purpose? Would I use:
- MySQLi
- PDO_MySQL (Am I correct in assuming that PDO is helpful if one may need
to move to another database system in the future?)
- or maybe web services REST
- or ???
Any links to this general subject would be helpful/
--
Thanks,
Dave - DealTek
dealtek@xxxxxxxxx
[db-15]
Personally I'd always go with PDO, and not because it allows you to
change the DB backend (I don't know anyone who's ever done this) but
because it offers parameterised queries (prepared statements) to
safeguard against a lot of injection attempts:
$pdo = new \PDO(
"mysql:dbname=$dbname;host=$dbhost",
$dbuser,
$dbpass,
array(
\PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'"
)
);
$statement = $pdo->prepare('SELECT * FROM table WHERE field1 = ? AND
field2 = ?');
$statement->execute(array(1234, 'some string'));
The beauty of this is you don't need to worry about the variables that
you're passing in too much, PDO will sanitise them as required for the
database backend you're using.
You can also reuse the prepared statements, but that's a feature I've
not used, as it usually indicates an issue with my PHP logic that I'm
executing the same statement multiple times)
Thanks,
Ash
http://www.ashleysheridan.co.uk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php