Welcome to Virtual Pet List - the fastest growing online games forum on the internet

Would you like to become a member of the largest and most successful virtual pets & sim games community on the internet today? We've been opened since 2011 and since then, we've been providing developers, artists, players and writers with the most relevant, up to date, quality and in depth content covering the entire online games community. So, if you just like virtual pet sites, we have you covered. But, if you prefer sim games, well we're here for you as well. However, if you're a new game developer and you're looking to show off your game to all of our members, then we'd love to hear all about your game in our sneak peeks forum. Just because our name is Virtual pet list doesn't mean pet games is the only thing we talk about. Our community talks about technology, making money, making art, writing and a lot more. So, please don't be afraid to say hello to everyone here because you never know what type of friends you'll make on our community. We strive to be friendly and offer positive discussions. We're very passionate, caring and hard working members of these niche, so if you hear about a new pet game from your friend, then it's highly likely that your friend found that game on our forum. If you want to learn anything about developing your own online game, then just go through our guides forum. You'll notice that whatever you're seeking on other developer's communities has more than likely already been talked about, researched and has already been put into good use by highly skilled developers.

  1. An upcoming virtual pet site that's owned by one of our moderators, Pepper-headAn upcoming virtual pet site that's owned by one of our moderators, Pepper-head sim game where you can breed your very own cats Kaylune, a virtual pet site Grophland.com : Breed virtual pets, Play, Explore
    VigLink badge
    Novilar

    Comment, rate or review Virtual Pet Sites, Sim Games or Role Playing games.
    Help vpl reach 10k users by Promoting us or purchase advertising
    : Development Guides - The Admin Effect - Browser games



    Donations are now being accepted again!!!
    What would you like us to improve?

MySQL() Function Deprecation in PHP 5.4

Discussion in 'Programming General' started by nobackseat, Aug 30, 2011.

  1. So this is some big news, PHP will be deprecating all mysql() functions in PHP starting at version 5.4. Although this is only a 'soft' deprecation, it should still say a lot about what you should be using to power the database communication.

    Some good alternatives are PDO and MySQLi. PDO is great, and using Juddster's database class makes it easy to implement.

    It will probably be yearssssssssssssss before hosts generally began to adopt 5.4 into their shared hosting, but still, 5.4 is already in alpha releases, so move fast to stay modern!

    (Using a PHP framework, I have nothing to worry about. :))

    If you don't know if your site uses mysql(), then it probably does, as it is the most common way to communicate with the database.

    This release will also completely remove register_globals, make short tags work regardless of configuration, FastCGI Process Manager is officially added, new syntax for arrays, built-in HTTP server, show progress of uploads, and E_ALL really shows all errors. :D

    I'm not sure yet if they're having APC come included. Anybody know?

    I know if I had a site, I'd already be testing it on it. There are lots of performance improvements.

    What do you guys think of this?

    NBS
     
    #1 nobackseat, Aug 30, 2011
    Last edited: Aug 30, 2011
    • Like Like x 1
    Your banner/button can be located here for an entire month or year, please see our advertising on virtualpetlist thread for more information.

  2. Why are they getting rid of the mysql() function(s)?
     
  3. They're old functions, they promote insecure programming and they lack modern features.

    You're expected to use the mysqli library or pdo instead of the mysql functions now. But they're not being 'removed' really, just deprecated. You'll get a notice (or warning?) when you use those functions, but they'll still work as they did before.
     
  4. hmm what modern features do they lack?
     
  5. Prepared statements, multiple statements, transactions, cursors, stored procedures, oop interface, and more.
     
  6. Pretty much everything haha. I think the main thing is that they force you to sanitize for SQL injection, where as pretty much any other method of connecting with the database does most of that for you.

    mysqli and pdo allow for prepared statements...
    Technically, it doesn't protect from sql injections any better than the old mysql module, just makes doing it easier for the developer, who can now use prepared statements instead of calling mysql_real_escape_string.

    And then there's all the things Andy listed. mysql_XXX is soo 1990s :p
     
  7. As a beginner just learning how to code, should I learn how to code with the oldschool way of doing MySQL and then learn the new one or just skip the old one? is there a tutorial out there for it?
     
  8. I would suggest not learning mysql. No reason to spend time learning it if it is just going to be deprecated. Learn PDO or mysqli. (Should be easy to go back and learn mysql once you learn these ;) )
     
    #8 indysolo621, Sep 7, 2011
    Last edited: Sep 7, 2011
  9. Hi @BigThinkerBigThinker,

    I definitely suggest you learn mysql_*() functions. As a programmer, it really does benefit to have a broad skill set and be flexible. Since it is the most common method, I suggest you learn it as a good foundation, and then build upon it to the more advanced techniques.

    Good luck.

    NBS
     
    #9 nobackseat, Sep 7, 2011
    Last edited by a moderator: Oct 16, 2013
  10. Alright.. I'll take a gander at both. I'm learning about arrays and stuff now so I am still quite a ways away from databases. :)
     
  11. I might as well go through it now... not that hard or time consuming with find+replace xd. Just got to remember to do it this way with future stuff
     
  12. This is where abstracting away the actual database object helps a fair bit. If you had abstracted it, then this change would be in 1 file instead of trickled through multiple.

    ~judda
     
  13. Working on a few sites lately I've ran into multiple $_GET and $_POST that are in free air and not escaped in any way, shape or form. I think it would have been nice if the mysql() functions would have thrown an automatic fatal error if they're not escaped. I think PDO will be nice, but it's sure hard when you have a site that's fully coded using all mysql and there is no function library or master includes in place.
     
  14. Thankfully, SQL stays pretty much the same. It's just the names of the functions you really have to worry about.
     
  15. You do realize that that is not physically possible for these functions to do this. How do they know that you are not trying to "DELETE FROM users WHERE userid = '1' OR 1=1--"? How is the function to know that? Yes, you can because you are able to look at the context of the code and make an informed decision however, the database is just doing exactly what it is being told.

    TBH, people should never include the user's input directly into a query. They should be using query parameters. This avoid the need to escape the strings all together.

    ~judda
     
    • Like Like x 1
  16. The Zend engine can already parse out bad data (mysql_real_escape_string anyone?). Why can't mysql() do it anyway? If a user is trying to DELETE * FROM dbtable then they deserve to have bad things happen. That's what DROP is for.
     
  17. DROP is for dropping tables ... not emptying them. They are two completely different things.

    What functions / objects in the Zend framework do you use for that. I would like to read up on it (because I don't believe it works that way).

    ~judda
     

Share This Page

  • About VPL

    We are a community of artists, writers, programmers and general users who have a vested interest in virtual pet games. All of us are from different backgrounds and yet we group together with one goal, to ensure our community is one of the best!
  • Like VPL on Facebook!

  • Support VPL

    We have to face that the site doesn't run for free sadly. If it did, we would be all set but unfortunately the costs are getting higher and higher as we grow. We offer members a Supporter premium usergroup. If you donate to VPL you are joined to this group and you get many perks that members do not get.

    Donate to VPL!