Menu
I do know that PDO does not support multiple queries getting executed in one statement. I've been Googleing and found few posts talking about PDO_MYSQL and PDO_MYSQLND.
PDO_MySQL is a more dangerous application than any other traditional MySQL applications. Traditional MySQL allows only a single SQL query. In PDO_MySQL there is no such limitation, but you risk to be injected with multiple queries.
From: Protection against SQL Injection using PDO and Zend Framework (June 2010; by Julian)
It seems like PDO_MYSQL and PDO_MYSQLND do provide support for multiple queries, but I am not able to find more information about them. Were these projects discontinued? Is there any way now to run multiple queries using PDO.
380
Performance. While both PDO and MySQLi are quite fast, MySQLi performs insignificantly faster in benchmarks - ~2.5% for non-prepared statements, and ~6.5% for prepared ones. Still, the native MySQL extension is even faster than both of these.
There is no difference in security. The main difference between PDO and Mysqli is that PDO supports various databases and mysqli supports only MySQL. MySQLi is also a bit faster. PDO supports 12 different drivers, opposed to MySQLi, which supports MySQL only.
To prepare and execute a single SQL statement that accepts no input parameters, use the PDO::exec or PDO::query method.
The main advantage of PDO over MySQLi is in the database support. PDO supports 12 different database types, in opposition to MySQLi, which supports MySQL only. When you have to switch your project to use another database, PDO makes the process simpler.
As I know, PDO_MYSQLND replaced PDO_MYSQL in PHP 5.3. Confusing part is that name is still PDO_MYSQL. So now ND is default driver for MySQL+PDO.
Overall, to execute multiple queries at once you need:
PDO::ATTR_EMULATE_PREPARES is set to 1 (default). Alternatively you can avoid using prepared statements and use $pdo->exec directly.Using exec
$db = new PDO("mysql:host=localhost;dbname=test", 'root', ''); // works regardless of statements emulation $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 0); $sql = " DELETE FROM car; INSERT INTO car(name, type) VALUES ('car1', 'coupe'); INSERT INTO car(name, type) VALUES ('car2', 'coupe'); "; $db->exec($sql); Using statements
$db = new PDO("mysql:host=localhost;dbname=test", 'root', ''); // works not with the following set to 0. You can comment this line as 1 is default $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1); $sql = " DELETE FROM car; INSERT INTO car(name, type) VALUES ('car1', 'coupe'); INSERT INTO car(name, type) VALUES ('car2', 'coupe'); "; $stmt = $db->prepare($sql); $stmt->execute(); When using emulated prepared statements, make sure you have set proper encoding (that reflects actual data encoding) in DSN (available since 5.3.6). Otherwise there can be a slight possibility for SQL injection if some odd encoding is used.
119
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
