
I've started to create my website, but now I have a few doubts. I've read that object-oriented MySQLi is good to use because you can prepare the queries, use bind_param and execute. The MySQLi code on my website looks like this: PHP MySQLI Prevent SQL Injection

But is this good enough? My website needs good code like this to become more secure against SQL injection, but does it make me immune to DDoS and defacement?

Back to the topic: is MySQLi equal to PDO in security and performance?

Roga Foryn

1 Answer


There is no difference in security, but only in usability. Mysqli is unusable as is, leaving PDO the only choice.

Your Common Sense
  • Why? Is it too complicated? Outdated? – Roga Foryn Feb 12 '16 at 09:24
  • Well, it's not finished yet, but here you go: https://phpdelusions.net/usab – Your Common Sense Feb 12 '16 at 09:46
  • I started to use PDO, converting my code using this tutorial https://phpdelusions.net/pdo#query – Roga Foryn Feb 12 '16 at 09:51
  • Feel free to ask if you have any questions. I am eager to get any feedback to improve the article. – Your Common Sense Feb 12 '16 at 10:44
  • Okay! Thanks, this article gives good help; I already converted a login and a register script from mysqli to PDO. I learned instantly. My only doubt so far is: doesn't PDO have to close the connection and stmt? Like $mysqli->close(); – Roga Foryn Feb 12 '16 at 11:06
  • Well, for a connection you don't need it most of the time for mysqli either - PHP will close it automatically at the script's end. As for the statement, you may close it, but if you are calling it within a function, it will be automatically closed at the function's end, as well as when you are rewriting it. But if you want to close it, just write `$stmt = null;` – Your Common Sense Feb 12 '16 at 11:50
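
An added example, not code from the question, the answer or the linked article: the register and login scripts mentioned in the comments, written with PDO prepared statements. The table, e-mail address and passwords are constructed, and it assumes the pdo_sqlite extension so that it runs without a MySQL server.

```php
<?php
// Added example: constructed schema and data, in-memory SQLite so it runs offline.
// With the MySQL driver, PDO::ATTR_EMULATE_PREPARES => false is commonly added too.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // throw on SQL errors
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, pass_hash TEXT)');

// Registration: values travel as bound parameters, never as part of the SQL text.
function register(PDO $pdo, string $email, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO users (email, pass_hash) VALUES (:email, :hash)');
    $stmt->execute([
        ':email' => $email,
        ':hash'  => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

// Login: look the row up by bound e-mail, then verify the stored hash in PHP.
function login(PDO $pdo, string $email, string $password): bool
{
    $stmt = $pdo->prepare('SELECT pass_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch();
    $stmt = null; // optional explicit close; it would be freed at function end anyway

    return $row !== false && password_verify($password, $row['pass_hash']);
}

register($pdo, 'alice@example.test', 'correct horse');

var_dump(login($pdo, 'alice@example.test', 'correct horse'));
var_dump(login($pdo, 'alice@example.test', 'wrong password'));

// A classic injection string is compared as a literal e-mail value, so no row matches.
var_dump(login($pdo, "' OR '1'='1", 'anything'));
```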