I'm fairly new to PHP and have built a medium sized website using standard MySQL database calls. However, I have recently learned about PDO and I am hoping to find out from the community if it is worth switching from MySQL over to PDO. For security I have been using mysql_real_escape_string.

Info about the site:
I'm using a mix of INSERT and SELECT calls. The data returned from SELECT calls isn't massive (no more than 30 records returned by using LIMIT). There will also not be a whole lot of INSERTs. The site is currently not live and so making changes now is easy.

In your professional opinions, is it worth my time to switch the site over to PDO from MySQL? Or is staying with MySQL just as good? Or in other words, what would be the reason, if any, to switch to PDO now?

Teun Zengerink
justinl
    The biggest downside to using PDO that I've seen so far: People who switch to PDO still try to use `mysql_real_escape_string()`, and then they go post a bunch of duplicate questions on StackOverflow when it doesn't work :P –  Jan 17 '12 at 21:05

2 Answers

PDO has the following advantages over the mysql_* functions:

  • It's cross database, meaning it's the same interface for different relational databases.
  • It helps protect against SQL injections.
  • It's much cleaner (uses an object-oriented approach).

This question has been asked before; you may want to take a look at the answers:

If you are starting a new project, I would strictly suggest using PDO or a higher-level library/ORM. If you already have a lot of code written without it, it may not be worth it.

Sasha Chedygov
  • Thanks for the quick response. Yes I saw those other posts which were helpful. I was more wondering if it would be worthwhile to switch over to PDO. I wasn't going to switch over but now that I have learned about PDO I was curious if I should switch over, or if staying with MySQL would be fine. – justinl May 15 '09 at 04:29
  • Well if you already have a lot of code written, I wouldn't bother, but for any new projects I would strictly suggest PDO. – Sasha Chedygov May 15 '09 at 05:23
  • Yes there's a fair amount of code. I wish I had learned about it earlier. But it's good to hear that it's not the end of the world if I don't use it. Thanks again! – justinl May 15 '09 at 06:05
  • I agree it's cleaner. I don't know if being cross-database is really an advantage. It only helps protect against SQL injection if you use it right. It is NOT necessarily faster, I don't believe you can make such a statement credibly without citing a benchmark. – MarkR Aug 01 '09 at 21:59
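The point in MarkR's comment, that PDO "only helps protect against SQL injection if you use it right", is worth seeing side by side. The snippet below is an added example, not code from the question or the answers. It uses PDO's sqlite driver with an in-memory database so it runs without a MySQL server; the `users` table and its two rows are constructed here, and the hostile input is a made-up form value. The same two functions work unchanged on a `mysql:` DSN, which is the "cross database" advantage from the answer.

```php
<?php
// Added example (not from the original post). In-memory SQLite keeps it
// self-contained; the table and rows below are constructed for the demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, is_admin INTEGER NOT NULL)');
$pdo->exec("INSERT INTO users (name, is_admin) VALUES ('alice', 1), ('bob', 0)");

// Constructed hostile input: the kind of value a login or search field can receive.
$input = "x' OR '1'='1";

// UNSAFE: switching to PDO changes nothing if the SQL is still assembled by
// string interpolation. The quote in $input closes the literal, and the
// injected OR clause makes the WHERE match every row.
function findUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE: a prepared statement sends the SQL text and the value separately,
// so the value is never parsed as SQL. No escaping call is needed, and
// mysql_real_escape_string() is not the answer here anyway: it needs an open
// mysql_* connection, which is exactly why it "doesn't work" under PDO.
function findSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

echo 'unsafe: ' . count(findUnsafe($pdo, $input)) . " rows\n"; // 2 rows: the injection succeeded
echo 'safe:   ' . count(findSafe($pdo, $input)) . " rows\n";   // 0 rows: no user is literally named x' OR '1'='1
```

Run it with any PHP build that has `pdo_sqlite` enabled (`php example.php`). The thing to take away is that the protection lives in `prepare()` plus bound parameters, not in the PDO class itself; a code base that migrates to PDO but keeps concatenating user input into query strings has gained nothing on the injection front.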
PDO has the advantages listed over at the pages linked to above: database abstraction (i.e. your code is made portable across a variety of flavours of DB), it handles a lot of the usual security issues for you if you use its prepared statement features and it returns results as class instances (which by itself can greatly improve your code by encouraging an object oriented approach), etc., etc.

However the very best approach would be for you to look into an ORM library such as Doctrine. It may seem like overkill given the size of your project, but frankly it's never too early to start learning best practice. An excellent overview of how to build bullet-proof, maintainable database-driven apps given by the lead developer of the Zend Framework can be watched at http://mtadata.s3.amazonaws.com/webcasts/20090724-playdoh.wmv

Oliver Turner