On Wed, 2016-03-02 at 21:34 +0100, Christoph Becker wrote:
> On 02.03.2016 at 20:04, Ashley Sheridan wrote:
>
> > On Wed, 2016-03-02 at 08:50 -0800, dealtek@xxxxxxxxx wrote:
> >
> >> So the question is, big picture, What is the best way to interface with MySQL for this purpose? Would I use:
> >>
> >> - MySQLi
> >> - PDO_MySQL (Am I correct in assuming that PDO is helpful if one may need to move to another database system in the future?)
> >>
> >> - or maybe web services REST
> >> - or ???
> >
> > Personally I'd always go with PDO, and not because it allows you to
> > change the DB backend (I don't know anyone who's ever done this) but
> > because it offers parameterised queries (prepared statements) to
> > safeguard against a lot of injection attempts:
>
> MySQLi also offers prepared statements, see
> <http://php.net/manual/en/mysqli.prepare.php>. :)
>

But you have to distinguish what's a string and what's a number yourself, PDO just handles all of that automatically.

Thanks,
Ash
http://www.ashleysheridan.co.uk

--
PHP General Mailing List (http://www.php.net/)
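
The binding difference discussed in this thread, as an added example that is not part of the original messages: the same parameterised lookup written once with PDO and once with MySQLi. The table, columns, sample rows and both function names are constructed for illustration; an in-memory SQLite database stands in for MySQL so the PDO part runs offline, and the MySQLi function is defined but not called because it needs a live MySQL connection.

```php
<?php
declare(strict_types=1);

// Constructed sample data. The PDO calls below are the same with a MySQL DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, age INTEGER)');
$pdo->exec("INSERT INTO users (name, age) VALUES ('alice', 30), ('bob', 17)");

// PDO: the caller passes the values to execute() and writes no
// per-parameter type string.
function pdoFind(PDO $pdo, string $name, int $minAge): array
{
    $stmt = $pdo->prepare(
        'SELECT id, name FROM users WHERE name = :name AND age >= :min_age'
    );
    $stmt->execute([':name' => $name, ':min_age' => $minAge]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// MySQLi: the caller declares each parameter's type in bind_param(),
// here "s" (string) for $name and "i" (integer) for $minAge.
// get_result() requires the mysqlnd driver.
function mysqliFind(mysqli $db, string $name, int $minAge): array
{
    $stmt = $db->prepare(
        'SELECT id, name FROM users WHERE name = ? AND age >= ?'
    );
    $stmt->bind_param('si', $name, $minAge);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Ordinary lookup.
var_dump(pdoFind($pdo, 'alice', 18));

// A value containing quote characters is sent as data for the :name
// placeholder, so it is compared literally and never parsed as SQL.
var_dump(pdoFind($pdo, "alice' OR '1'='1", 0));
```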