-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 29 Apr 2015, Ken Irwin said:
> Hello all,
>
> I've just learned that the PHP mysql_* functions are all deprecated as of PHP 5.5, and I'm trying to figure out what this means for my life. My library's website is heavily database-driven, hand-coded, and all written using the mysql_* functions. It's currently running PHP 5.4, so presumably code all needs to be updated before the next server upgrade.
Hi Ken,
This is a common situation. PDO is where you should be focusing your
attention. The PHP community has shifted in a big way toward preferring PDO
for database abstraction. The MySQLi extension may appear at first glance to
be a tempting alternative, but it has a few problems.
First - it looks like it is pretty much API-compatible with the old mysql_*()
API, but in fact it is not a drop-in replacement. Optional $link params in
mysql_*() are not optional in mysqli_*(), and the argument positions are not
the same. This makes it impractical to do a global search/replace (although I
admit to having done it on small projects before)
Next - MySQLi's API for prepared statements is kind of frustrating to work
with, and depends heavily on variable references and has no support for named
parameters. PDO's API is quite a bit easier to work with.
Your old mysql_*() code won't have used prepared statements since there was no
API support, but PDO does generally want to be approached with prepared
statements rather than queries with variables in them. It's quote() method
(http://php.net/manual/en/pdo.quote.php) is dissimilar from the
mysql_real_escape_string() you're probably used to since it escapes *and
quotes* strings (though mysqli's version is more similar). If you have the
luxury of time, converting to PDO prepared statements could be considered
future-proof for a good long while.
Now, deprecated doesn't mean gone entirely - if you continue with mysql_*(),
you'll get deprecation notices in your logs. The mysql extension is going to
be removed in PHP 7, but will likely be converted to a separately distributed
extension at the time rather than just completely blocked. It won't be
distributed with PHP, but will still exist.
Still though, PDO is where I would focus new attention. It will be more work
than converting to MySQLi would, but PDO is a good deal more flexible, and is
at the core of most modern PHP frameworks.
As to other deprecations - if you used the ereg*() functions for regular
expressions, those were deprecated in 5.3 and will be removed. There are some
other old practices which are no longer supported, like passing variables by
reference to functions not defined to accept references, but that's a rarer
case.
Cheers,
- --
++++++++++++++++++++
Michael Berkowski
University of Minnesota Libraries
[log in to unmask]
612.626.6137
PGP Public Key: http://z.umn.edu/mjbpubkey
++++++++++++++++++++
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlVBEhcACgkQ01KJk46VC2bOuQCfRzFmKmBBQB2ffj+JsH5942Au
H2kAn2zPryayit9umSupcGnXyeSWlh/3
=uGWc
-----END PGP SIGNATURE-----
|
