PDO V Mysqli Prepared Statements

PHP Bros,

Is it true that the MySQLi extension did not contain SQL-injection-proof communication with the MySQL DB, and so prepared statements were built?
Is it true that when coding using the MySQLi extension, you have to code using the prepared statements method?
And is it true that PDO was built with an SQL-injection-proof method, and so you do not need to use the prepared statements method?
If so, then does using a basic PDO connection and MySQL DB communication command automatically create an SQL-injection-proof connection?

Do you mind showing 4 PDO code samples so I can learn from you?

  1. INSERT into DB tbl
  2. UPDATE row in DB tbl entry
  3. DELETE a certain row from DB tbl
  4. COPY certain row
  5. Connect to DB

You are welcome to provide any other code samples related to PDO dealing with DB.
Anything else I should know?


    3 Comments(s)

    @ginerjm, Sep 29.2019 — Either extension utilizes prepared statements which will prevent hacking into your database with faulty queries. I have no idea what your concerns are.
    @NogDog, Sep 29.2019 — MySQLi does include prepared statements with bound parameters, which the old, deprecated MySQL extension did not. PDO has always included it -- but then it came along after the original MySQL extension did.

    That being said, the fact that prepared statements exist in either does not automatically prevent SQL injection: it only does so if the developer actually uses it wherever applicable, and uses it correctly. All it takes is one lazy inclusion of an un-sanitized variable in your SQL, and it doesn't matter if you used the relevant prepare() and execute() methods.

    Here's a good place to start for some examples of PDO: https://www.php.net/manual/en/pdo.prepared-statements.php
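
The point made in the reply above, that calling prepare() and execute() only helps when every value is actually bound, shown as an added example that is not part of the original thread. It assumes an in-memory SQLite database and a made-up `users` table so it runs offline; with MySQL only the DSN and credentials change.

```php
<?php
// Added example. Assumptions: in-memory SQLite so it runs offline; the "users" table is made up.
// For MySQL only the connection line changes, e.g.
//   new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass, $options)

// Connect: make PDO throw on errors instead of failing silently.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// INSERT: values travel as bound parameters, never as SQL text.
$ins = $pdo->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
$ins->execute([':name' => 'alice', ':email' => 'alice@example.test']);
$ins->execute([':name' => 'bob',   ':email' => 'bob@example.test']);

// UPDATE one row.
$pdo->prepare('UPDATE users SET email = :email WHERE id = :id')
    ->execute([':email' => 'alice@new.example.test', ':id' => 1]);

// COPY a row (INSERT ... SELECT), then DELETE the original.
$pdo->prepare('INSERT INTO users (name, email) SELECT name, email FROM users WHERE id = :id')
    ->execute([':id' => 2]);
$pdo->prepare('DELETE FROM users WHERE id = :id')->execute([':id' => 2]);

// Constructed hostile input, as it might arrive from a form field.
$input = "nobody' OR '1'='1";

// WRONG: prepare()/execute() are called, but the variable is already part of the SQL string,
// so the quote in $input changes the WHERE clause.
$bad = $pdo->prepare("SELECT * FROM users WHERE name = '$input'");
$bad->execute();
$leaked = $bad->fetchAll();

// RIGHT: the same input bound as data is compared literally and matches no row.
$good = $pdo->prepare('SELECT * FROM users WHERE name = :name');
$good->execute([':name' => $input]);
$safe = $good->fetchAll();

printf("concatenated: %d row(s), bound: %d row(s)\n", count($leaked), count($safe));
```

Table and column names cannot be bound as parameters, so any identifier that depends on user input has to be checked against a fixed allow-list before it goes into the SQL string.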
    @Precalf, Oct 02.2019 — Sorry, but I can’t get your question. Could you please make it more clear?