public
Last active

Don't use MySQL functions in PHP - Comment for Stack Overflow

  • Download Gist
mysql_comment.markdown
Markdown
[**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](http://j.mp/XqV7Lp). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ).

Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

More information is available in the PHP wiki, too: Request for Comments: ext/mysql deprecation

To increase conversion rate I would state how easy it is to change over to PDO - this may scare people thinking it's a lot of work to convert everything when really it's not.

To make it less obtrusive when posting, can we not put some of the links at the start of the SO post it links to? If someone is willing to be educated and heed the advice they will click at least one of the links. Make that link the one that directs to the main post which will then show the others. I personally think 8 links in a comment is a tad overboard.

To prevent it to look spammy I often just cherry pick the links OP needs and write a custom comment.

@PeeHaa, Try to see if you can fork this gist and come up with a better version that you usually give. Or do you customize the comment into the occasion?

Also, on a side note. When I first saw this being posted on SO as a new user I thought the whole:

See the red box?

Was kinda rude sounding. It makes it seem like we are saying to the OP "Are you an idiot? Can you not read?"
So, maybe remove that or reword it so it doesn't sound so harsh.

@MadaraUchiha I do this on a case by case basis. So basically what I am saying is that I just manually write a comment and add the links that OP needs.

it could be like You are using an obsolete database API and should use a modern replacement.

  You are using [an obsolete database API](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) and should use a [modern replacement.](http://php.net/manual/en/mysqlinfo.api.choosing.php)
**Careful!** The `mysql_*` functions are [old and should not be used anymore](http://bit.ly/phpmsql). Please have a look at [PDO](http://php.net/pdo) or [MySQLi](http://php.net/msqli), which are better [MySQL API choices](http://php.net/manual/en/mysqlinfo.api.choosing.php).

Careful! The mysql_* functions are old and should not be used anymore. Please have a look at PDO or MySQLi, which are better MySQL API choices.

Something about "can be dangerous in live code" would alert the user to SQL injection.

@j7mbo AFAIK mysql_* are safe as pdo or mysqli ... i think its all about deprecation of api ?

Alternative language:

In most cases you want to use the PDO over mysql_. PDO is designed to work with a MySQL database better than the now deprecated mysql_.

Use of mysql_* statements may lead to data breaches and website hijacking due to the well known security vulnerabilities associated with its use. mysql_* is no longer supported by PHP and use of it will prevent you from upgrading PHP to the latest most secure, fast and stable release.

Learn how easy PDO is here

High-impact version

Less rude (no red box in your face, don't tell what to learn), more friendly:

There is no more support for mysql_* functions, they are officially deprecated, no longer maintained and will be removed in the future. You should update your code with PDO or MySQLi to ensure the functionality of your project in the future.

Copy-pasta Markdown code:

There is **no more support** for `mysql_*` functions, they are [**officially deprecated**](https://wiki.php.net/rfc/mysql_deprecation), **no longer maintained** and will be [**removed**](http://php.net/manual/en/function.mysql-connect.php#warning) in the future. You should update your code with [PDO](http://php.net/pdo) or [MySQLi](http://php.net/msqli) to ensure the functionality of your project in the future.

@godka -- There is a typo on your mysqli link.

Here is the fully working version of @godka's code:

There is **no more support** for `mysql_*` functions, they are [**officially deprecated**](https://wiki.php.net/rfc/mysql_deprecation), **no longer maintained** and will be [**removed**](http://php.net/manual/en/function.mysql-connect.php#warning) in the future. You should update your code with [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) to ensure the functionality of your project in the future.

Please sign in to comment on this gist.

Something went wrong with that request. Please try again.