Why are PHP's mysql_ functions deprecated?
The mysql extension is ancient and has been around since PHP 2.0, released 15 years ago (!!); which is a decidedly different beast than the modern PHP which tries to shed the bad practices of its past. The mysql extension is a very raw, low-level connector to MySQL which lacks many convenience features and is thereby hard to apply correctly in a secure fashion; it's therefore bad for noobs. Many developers do not understand SQL injection and the mysql API is fragile enough to make it hard to prevent it, even if you're aware of it. It is full of global state (implicit connection passing for instance), which makes it easy to write code that is hard to maintain. Since it's old, it may be unreasonably hard to maintain at the PHP core level.
The mysqli extension is a lot newer and fixes all the above problems. PDO is also rather new and fixes all those problems too, plus more.
Due to these reasons* the mysql extension will be removed sometime in the future. It did its job in its heyday, rather badly, but it did it. Time has moved on, best practices have evolved, applications have gotten more complex and require a more modern API. mysql is being retired, live with it.
Given all this, there's no reason to keep using it except for inertia.
* These are my common sense summary reasons; for the whole official story, look here: https://wiki.php.net/rfc/mysql_deprecation
Choice quotes from that document follow:
The documentation team is discussing the database security situation,
and educating users to move away from the commonly used ext/mysql
extension is part of this.
Moving away from ext/mysql is not only about security but also about
having access to all features of the MySQL database.
ext/mysql is hard to maintain code. It is not not getting new
features. Keeping it up to date for working with new versions of
libmysql or mysqlnd versions is work, we probably could spend that
time better.
Why shouldn't I use mysql_* functions in PHP?
The MySQL extension:
- Is not under active development
- Is officially deprecated as of PHP 5.5 (released June 2013).
- Has been removed entirely as of PHP 7.0 (released December 2015)
- This means that as of 31 Dec 2018 it does not exist in any supported version of PHP. If you are using a version of PHP which supports it, you are using a version which doesn't get security problems fixed.
- Lacks an OO interface
- Doesn't support:
- Non-blocking, asynchronous queries
- Prepared statements or parameterized queries
- Stored procedures
- Multiple Statements
- Transactions
- The "new" password authentication method (on by default in MySQL 5.6; required in 5.7)
- Any of the new functionality in MySQL 5.1 or later
Since it is deprecated, using it makes your code less future proof.
Lack of support for prepared statements is particularly important as they provide a clearer, less error-prone method of escaping and quoting external data than manually escaping it with a separate function call.
See the comparison of SQL extensions.
mysql_ deprecated
According to the PHP
Manual, you should use any of the following:
- mysqli_stmt_num_rows()
- PDOStatement::rowCount()
To be clear though, neither of these is a mere substitute for mysql_num_rows()
. Your code must eventually be rewritten entirely to use the MySQLi or PDO API in lieu of mysql_*()
.
PHP - is mysql_prep deprecated
mysql_prep must be some user defined function. It does not exist in the php docs.
http://php.net/manual-lookup.php?pattern=mysql_prep&scope=quickref
Look inside this function in your own code and if it has any references to mysql_ functions then consider it deprecated. All mysql_ functions are deprecated as of PHP 5.5 and are removed in PHP 7.
Use mysqli_ functions or PDO instead.
Related Topics
Interview Question: How to Have an Echo Before Header
Why Is My Database Backup Script Not Working in PHP
Shell_Exec() Timeout Management & Exec()
Replace the Last Comma with an & Sign
Sharing PHP Session ($_Session) Across Multiple Domain
How to Detect If a User Uploaded a File Larger Than Post_Max_Size
HTML PHP Display Username After Success Login
Google Recaptcha - Keep Getting 'Incorrect-Captcha-Sol'
Php: How to Load the Content of a Web Page into a Variable
$_Server['Remote_Port'] Not Giving Value
Insert Multiple Data into Database in Yii 2
Including PHP Variables in an External Js File
How to Replace Some Characters with Asterisks
How to Display Images from a Folder Using PHP - PHP
Facebook Oauthexception: "User Hasn't Authorized the Application to Perform This Action"