 |
 |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 29 Apr 2015, Ken Irwin said: > Hello all, > > I've just learned that the PHP mysql_* functions are all deprecated as of PHP 5.5, and I'm trying to figure out what this means for my life. My library's website is heavily database-driven, hand-coded, and all written using the mysql_* functions. It's currently running PHP 5.4, so presumably code all needs to be updated before the next server upgrade. Hi Ken, This is a common situation. PDO is where you should be focusing your attention. The PHP community has shifted in a big way toward preferring PDO for database abstraction. The MySQLi extension may appear at first glance to be a tempting alternative, but it has a few problems. First - it looks like it is pretty much API-compatible with the old mysql_*() API, but in fact it is not a drop-in replacement. Optional $link params in mysql_*() are not optional in mysqli_*(), and the argument positions are not the same. This makes it impractical to do a global search/replace (although I admit to having done it on small projects before) Next - MySQLi's API for prepared statements is kind of frustrating to work with, and depends heavily on variable references and has no support for named parameters. PDO's API is quite a bit easier to work with. Your old mysql_*() code won't have used prepared statements since there was no API support, but PDO does generally want to be approached with prepared statements rather than queries with variables in them. It's quote() method (http://php.net/manual/en/pdo.quote.php) is dissimilar from the mysql_real_escape_string() you're probably used to since it escapes *and quotes* strings (though mysqli's version is more similar). If you have the luxury of time, converting to PDO prepared statements could be considered future-proof for a good long while. Now, deprecated doesn't mean gone entirely - if you continue with mysql_*(), you'll get deprecation notices in your logs. The mysql extension is going to be removed in PHP 7, but will likely be converted to a separately distributed extension at the time rather than just completely blocked. It won't be distributed with PHP, but will still exist. Still though, PDO is where I would focus new attention. It will be more work than converting to MySQLi would, but PDO is a good deal more flexible, and is at the core of most modern PHP frameworks. As to other deprecations - if you used the ereg*() functions for regular expressions, those were deprecated in 5.3 and will be removed. There are some other old practices which are no longer supported, like passing variables by reference to functions not defined to accept references, but that's a rarer case. Cheers, - -- ++++++++++++++++++++ Michael Berkowski University of Minnesota Libraries [log in to unmask] 612.626.6137 PGP Public Key: http://z.umn.edu/mjbpubkey ++++++++++++++++++++ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlVBEhcACgkQ01KJk46VC2bOuQCfRzFmKmBBQB2ffj+JsH5942Au H2kAn2zPryayit9umSupcGnXyeSWlh/3 =uGWc -----END PGP SIGNATURE-----