The Little Guy Posted April 27, 2007

Just thought I would recommend this: instead of using the mysql library, you should use the mysqli library for doing your PHP SQL.

What's the difference? mysqli stands for MySQL Improved. This means that the mysql library isn't as secure as the mysqli library. Almost all of the mysqli functions are the same as the mysql functions, only they are more secure. The way you connect and do the SQL is a little bit different though.

The old way:

<?php
$dbHost = "localhost";
$dbUser = "xxxx";
$dbPass = "xxxxxx";
$dbDatabase = "my_database";

// ext/mysql: the link resource is optional and, when passed, comes last
$db = mysql_connect($dbHost, $dbUser, $dbPass) or die ("Error connecting to database.");
mysql_select_db($dbDatabase, $db) or die ("Couldn't select the database.");

$sql = mysql_query("SELECT * FROM my_table") or die(mysql_error());
$row = mysql_fetch_array($sql);
?>

The new way:

<?php
$dbHost = "localhost";
$dbUser = "xxxx";
$dbPass = "xxxxxx";
$dbDatabase = "my_database";

// ext/mysqli: the link is required and is the first argument
$db = mysqli_connect($dbHost, $dbUser, $dbPass) or die ("Error connecting to database.");
mysqli_select_db($db, $dbDatabase) or die ("Couldn't select the database.");

// mysqli_error() also needs the link passed in
$sql = mysqli_query($db, "SELECT * FROM my_table") or die(mysqli_error($db));
$row = mysqli_fetch_array($sql);
?>

Notice that in the old way, $db is not in the query call, and if it is, it is at the end. With the new way, the query MUST contain $db, and it comes before the SQL.

I would recommend that if you have PHP 5+, you try to move away from the mysql library to the somewhat more secure mysqli library.

wildteen88 Posted April 27, 2007

Having to refer to the mysql link resource (that is what $db holds) doesn't make the mysql improved library more secure. It just forces people to refer to the link resource within functions. This is especially good if you connect to more than one MySQL server.

MySQLi adds more/better functionality over the standard mysql library. It also comes with a pre-built mysql class. It does not have better security. They are both the same. It's just that MySQLi allows you to work more efficiently when working with MySQL databases.

The Little Guy Posted April 27, 2007

According to Zend, it is more secure: http://devzone.zend.com/node/view/id/686

Why Switch?

Beyond gaining access to the new features of MySQL 4.1+, why would anyone want to switch to using ext/mysqli? In addition to the functionality mentioned above, ext/mysqli also has some other serious benefits:

* Greater speed. Enhancements in both the extension and in MySQL have made most operations faster, with certain operations becoming up to 40 times faster as compared to ext/mysql.
* Better security. In older versions of the MySQL RDBMS, the possibility existed for an attacker to extract weak password hashes from the network and then recreate a user's password. The new authentication procedure is much more robust and mirrors the attack-resistant authentication procedure of tools like SSH.
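
The authentication procedure the quoted Zend text refers to, as an added example that is not part of the original posts: a sketch of the MySQL 4.1+ challenge-response exchange (the scheme MySQL later named mysql_native_password), with both the client and the server side. The function names and the sample password are made up for illustration, random_bytes() stands in for the server's scramble generator, and PHP 7+ is assumed.

```php
<?php
// Added illustration, not code from the thread. Function names are hypothetical.

// What the server keeps for the account: SHA1(SHA1(password)), raw bytes.
function stored_hash(string $password): string {
    return sha1(sha1($password, true), true);
}

// Client side: answer the server's random 20-byte scramble.
// token = SHA1(password) XOR SHA1(scramble . SHA1(SHA1(password)))
function client_token(string $password, string $scramble): string {
    $stage1 = sha1($password, true);
    $stage2 = sha1($stage1, true);
    return $stage1 ^ sha1($scramble . $stage2, true);
}

// Server side: undo the XOR using its stored hash, then check that the
// recovered value hashes back to what is stored.
function server_verify(string $token, string $scramble, string $stored): bool {
    if (strlen($token) !== 20) {
        return false;
    }
    $stage1 = $token ^ sha1($scramble . $stored, true);
    return hash_equals($stored, sha1($stage1, true));
}

$password = 'constructed-sample-password';   // constructed sample value
$stored   = stored_hash($password);

// A fresh scramble per connection (assumption: random_bytes stands in
// for the server's own generator).
$scrambleA = random_bytes(20);
$scrambleB = random_bytes(20);
$tokenA = client_token($password, $scrambleA);
$tokenB = client_token($password, $scrambleB);

// Case 1: correct password answered against the scramble it was issued for.
var_dump(server_verify($tokenA, $scrambleA, $stored));
// Case 2: wrong password.
var_dump(server_verify(client_token('wrong', $scrambleA), $scrambleA, $stored));
// Case 3: a token captured on one connection presented on another.
var_dump(server_verify($tokenA, $scrambleB, $stored));
// Case 4: the same password yields a different token for each scramble.
var_dump($tokenA === $tokenB);
```

Only the scramble and the token cross the network; the password and the stored hash do not.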

per1os Posted April 27, 2007

The moral of the story, don't use weak passwords =)