I'm fairly new to PHP and have built a medium sized website using standard MySQL database calls. However, I have recently learned about PDO and I am hoping to find out from the community if it is worth switching from MySQL over to PDO. For security I have been using mysql_real_escape_string.
Info about the site:
I'm using a mix of INSERT and SELECT calls. The data returned from SELECT calls isn't massive (no more than 30 records returned by using LIMIT). There will also not be a whole lot of INSERTs. The site is currently not live and so making changes now is easy.
In your professional opinions, is it worth my time to switch the site over to PDO from MySQL? Or is staying with MySQL just as good? Or in other words, what would be the reason, if any, to switch to PDO now?
PDO also supports client-side queries. This means that when it prepares a query, it does not have to communicate with the server. Since MySQLi uses native prepared statements, it may actually be faster to use mysqli_real_escape_string instead of using prepared statements, while it is still a secure solution.
MySQLi is a replacement for the mysql functions, with object-oriented and procedural versions. It has support for prepared statements. PDO (PHP Data Objects) is a general database abstraction layer with support for MySQL among many other databases.
3. Here you can see that PDO is only 1% faster than mysqli.
Both MySQLi and PDO have their advantages: PDO will work on 12 different database systems, whereas MySQLi will only work with MySQL databases. So, if you have to switch your project to use another database, PDO makes the process easy. You only have to change the connection string and a few queries.
PDO has the following advantages over the mysql_* functions:
This question has been asked before; you may want to take a look at the answers:
If you are starting a new project, I would strictly suggest using PDO or a higher-level library/ORM. If you already have a lot of code written without it, it may not be worth it.
PDO has the advantages listed over at the pages linked to above: database abstraction (i.e. your code is made portable across a variety of flavours of DB), it handles a lot of the usual security issues for you if you use its prepared statement features, and it returns results as class instances (which by itself can greatly improve your code by encouraging an object-oriented approach), etc., etc.
However the very best approach would be for you to look into an ORM library such as Doctrine. It may seem like overkill given the size of your project, but frankly it's never too early to start learning best practice. An excellent overview of how to build bullet-proof, maintainable database-driven apps given by the lead developer of the Zend Framework can be watched at http://mtadata.s3.amazonaws.com/webcasts/20090724-playdoh.wmv
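As an added illustration of the prepared-statement and class-fetching points made in the answers above (example code, not from the question or any answer), the INSERT/SELECT pattern the site uses, done through PDO. It assumes an in-memory SQLite database so it runs offline; the `User` class, table and sample rows are constructed for the example, and the MySQL DSN in the comment is the only thing that would change for the real site.

```php
<?php
// Added example. SQLite in memory so it runs anywhere; for MySQL use a DSN like
// "mysql:host=localhost;dbname=app;charset=utf8mb4" plus username and password.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Ask for real server-side prepares instead of PHP-side string substitution.
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, email TEXT NOT NULL)');

// Constructed sample rows; the second name contains a quote, exactly the
// input that mysql_real_escape_string exists to handle in hand-built SQL.
$rows = [
    ['Alice',   'alice@example.com'],
    ["O'Brien", 'obrien@example.com'],
];

// INSERT: prepare once, execute per row. Values travel separately from the
// SQL text, so no escaping call is needed and the quote cannot alter the query.
$insert = $pdo->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
foreach ($rows as [$name, $email]) {
    $insert->execute([':name' => $name, ':email' => $email]);
}

// Plain row class so PDO can return objects instead of associative arrays.
class User
{
    public $id;
    public $name;
    public $email;
}

// SELECT with a user-supplied value and the LIMIT the question mentions.
// Binding LIMIT as PDO::PARAM_INT matters: bound as a string it is quoted and
// MySQL rejects the query.
function findUsersByName(PDO $pdo, string $name, int $limit = 30): array
{
    $stmt = $pdo->prepare('SELECT id, name, email FROM users WHERE name = :name LIMIT :limit');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_CLASS, User::class);
}

$found = findUsersByName($pdo, "O'Brien");
echo count($found) . " match(es) for O'Brien: " . $found[0]->email . "\n";

// A quote-laden value that would break concatenated SQL is just a value here.
$probe = findUsersByName($pdo, "' OR '1'='1");
echo count($probe) . " match(es) for the quote-laden probe\n";
```

The first query prints one match and the second prints zero, because the parameter is compared as a literal string rather than spliced into the SQL.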