The mysql_* functions are deprecated as of PHP 5.5. PHP offers three different APIs to connect to MySQL: the mysql, mysqli and PDO extensions. The mysql_* functions are very popular, but their use is no longer encouraged. The PHP developer team discussed database security and decided to generate E_DEPRECATED errors when users connect to MySQL, whether through mysql_connect() or mysql_pconnect().
When you open the manual page of any mysql_* function, you see a red warning box explaining that it should not be used anymore: this extension is deprecated as of PHP 5.5.0 and will be removed in the future.
Why should we not use mysql_* functions?
The mysql_* functions are no longer maintained and are officially deprecated as of PHP 5.5. They will not be available in future versions of PHP, so continued use of them may break your code in the future.
Missing features that are not supported by ext/mysql:
Prepared statements:
The mysql_* functions do not support prepared statements. This is particularly important because prepared statements provide a less error-prone method of escaping and quoting external data than manually escaping it with a separate function call, which makes them very effective against SQL injection. They fix a very serious weakness in MySQL-dependent applications that allows attackers to gain access to your script and perform any query on your database.
Stored procedures:
Stored procedures increase the performance of an application. Once created, a stored procedure is compiled and stored in the database catalog. It runs faster than uncompiled SQL commands and reduces the traffic between the application and the database server, because the application no longer sends multiple long uncompiled SQL statements.
A stored procedure is reusable and transparent to any application that wants to use it. Stored procedures expose the database interface to all applications, so developers don't have to reimplement in every program the functions that a stored procedure already provides.
Encryption:
Sometimes clients want the information they collect from users to be encrypted before it is stored in the database. Data encryption and decryption is a common technique for securing data. In this article I'll show how you could use MySQL's built-in functions to encrypt and decrypt data.
Lack of Object Oriented interface:
The mysql extension supports only a procedural interface, not an object-oriented one.
Other reasons not to use the mysql_* functions:
• Not under active development
• In deprecation process
• Doesn’t support prepared statements or parametrized queries
• Doesn’t support stored procedures
• Doesn’t support multiple statements
• Doesn’t support transactions
What should we do?
Suppressing deprecation warnings:
While code is being converted to MySQLi/PDO, E_DEPRECATED errors can be suppressed by setting error_reporting in php.ini to exclude E_DEPRECATED:
error_reporting = E_ALL ^ E_DEPRECATED
Suppressing deprecation warnings is not a way to keep using the mysql_* functions, because it also hides other deprecation warnings that are not related to MySQL.
Use either PDO or MySQLi:
Because the mysql functions are deprecated, it is recommended to use either the mysqli or the PDO_MySQL extension. Both are better, more robust and well-built alternatives.
PDO – PHP Database Object, which offers a complete OOP approach to database interaction
MySQLi – which is a MySQL specific improvement.
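The difference between the legacy concatenation pattern and a PDO prepared statement, described in the prepared statements section above, is shown in the following added example (not code from the original article). It assumes the pdo_sqlite driver and an in-memory SQLite database so that it runs offline; the table, rows and input string are constructed.

```php
<?php
// Added example: sqlite::memory: is an assumption so the script runs offline.
// For MySQL use a DSN such as "mysql:host=HOST;dbname=DB;charset=utf8mb4"
// and also set PDO::ATTR_EMULATE_PREPARES => false.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

// Constructed sample table and rows.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES
            ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Constructed external input, as it might arrive in $_GET['name'].
$input = "nobody' OR '1'='1";

// Legacy pattern (what mysql_query() code typically did): the input is
// concatenated into the SQL text, so the quote in it rewrites the WHERE clause.
$legacy = $pdo->query("SELECT id, name FROM users WHERE name = '$input'")->fetchAll();

// Prepared statement: the SQL text is fixed, the value is bound separately
// and is only ever compared as data.
$stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
$stmt->execute([':name' => $input]);
$safe = $stmt->fetchAll();

printf("concatenated query: %d row(s)\n", count($legacy));
printf("prepared statement: %d row(s)\n", count($safe));

// Transactions (listed above as missing from ext/mysql): both updates
// are committed together, or neither is.
try {
    $pdo->beginTransaction();
    $upd = $pdo->prepare('UPDATE users SET email = :email WHERE name = :name');
    $upd->execute([':email' => 'alice@new.example.test', ':name' => 'alice']);
    $upd->execute([':email' => 'bob@new.example.test',   ':name' => 'bob']);
    $pdo->commit();
} catch (PDOException $e) {
    $pdo->rollBack();
    throw $e;
}
```

The concatenated query returns rows that do not match the supplied name, while the prepared statement returns none, because the bound value never becomes part of the SQL text.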
Later I will discuss PDO and MySQLi.