I understand that MYSQLi is so people can't mess up your databases by putting say and ' or something along those lines that can mess up the inserting process, but is that's all its good for? If I made a login and registry system for a webpage, could I have just the registry page insert in mysqli and then have the login just read from the rows as normal MYSQL or does the login need to be mysqli too? If that is the case, would someone mind explain why and what the risk would be if you weren't to login them in with mysqli. Any and all help is appreciated. Thanks.
Asked
Active
Viewed 69 times
-1
-
1Read http://php.net/manual/en/mysqli.overview.php and http://php.net/manual/en/mysqlinfo.api.choosing.php – rjdown Oct 25 '14 at 01:32
-
1as above but simply using mysql(i) does not make any query safe. you still have to properly sanitise all user input – Oct 25 '14 at 01:34
1 Answers
0
MySQLi is a maintained, and improved (hence the "i" in the name), extension and therefore safer.
MySQL is a deprecated extension which has not been maintained for a couple years. Code that is not maintained does not get fixed when a bug or security hole is found, which is why it is recommended that you do not use it.
Sverri M. Olsen
- 13,055
- 3
- 36
- 52