What is mysql_* functions in PHP

mysql_* functions are used in PHP in order to connect and interact with the mysql database. Here are many mysql_* functions available in PHP. You can see their list from official PHP page. Here’s a small snippet for example:

<?php
	ob_start();
	session_start();
	require_once 'dbconnect.php'; 
	include 'header.php';

	$sql = mysql_query("SELECT * from site");
	$siteRow = mysql_fetch_array($sql);

	if(!isset($_SESSION['userID']))
	{
		header('location: login.php');
		exit;
	}

	$sql = mysql_query("SELECT * From user where userID=" . $_SESSION['userID']);
	$userRow = mysql_fetch_array($sql);

	if($userRow['userType'] != 'Admin')
	{
		header('location: dashboard.php');
		exit;
	}

	$page = $_GET["page"]; 
	if(!isset($_GET["page"]))
	{
		$page = 0;
	}
	if($page < 0) $page = 0;

	mysql_query("SELECT * from user where userType='Member'");
	$totalPage = mysql_affected_rows();
	$totalPage = ceil($totalPage/10);
?>

The reasons why I should not use mysql_* functions anymore

mysql_* functions are officially deprecated as of PHP 5.5 and have been removed completely in PHP 7. But maybe you use PHP 5 and maybe you have been using these mysql_* functions from long ago. So you don’t want to stop using it and adopt something new. Here are some reasons why you should not use these mysql_* functions anymore:

They are no longer maintained and are officially deprecated

This means that the PHP community is gradually dropping support for these very old functions. They are likely to not exist in a future (recent) version of PHP! Continued use of these functions may break your code in the (not so) far future.

ext/mysql is now officially deprecated as of PHP 5.5 and has been removed in PHP 7!

You should learn of prepared statements

mysql_* extension does not support prepared statements, which is (among other things) a very effective countermeasure against SQL Injection. It fixed a very serious vulnerability in MySQL dependent applications which allows attackers to gain access to your script and perform any possible query on your database.

See the Red Box?

When you go on any mysql function manual page, you see a red box, explaining it should not be used anymore.

Use either PDO or MySQLi

There are better, more robust and well built alternatives, PDO – PHP Database Object, which offers a complete OOP approach to database interaction, and MySQLi, which is a MySQL specific improvement.

Conclusion

These functions still exist in PHP for only one reason – compatibility with old, outdated but still running CMS, e-commerce, bulletin board systems etc. Finally it will be removed and you will have to rewrite your web application.

  1. Thank you so much! I’m glad that you liked it. Please subscribe to my blog to receive updates on future posts. If you face any problems or need help, feel free to contact me. Have a great day!

  2. You really make it seem so easy with your presentation but I find this topic to be actually something which I think I would never understand. It seems too complicated and very broad for me. I’m looking forward for your next post, I will try to get the hang of it!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>