Richard Stibbard’s “MySQL/PDO Connection” - A mini-course
- The course assumes you know how to create a MySQL database in phpMyAdmin but provides all source code necessary
First launched in 2014, this simple “evergreen” series of short tutorials has proven popular ever since, and shows how to connect to a MySQL database using a PDO connection and display the database records in the browser.
Why use PDO?
There is a choice of only two ways to connect to a MySQL database, either mysqli, the ‘i’ standing for ‘improved’, or PDO. All the old mysql_* commands are long-since deprecated and inherently a security risk. No mysql_* commands should be used any more, and they should be replaced in old code.
Both PDO and mysqli are equivalent in terms of security as both support prepared statements, meaning that user input is not entered straight into the SQL query but sent along a different channel where it is sanitised and safe to use. Both remove the risk of SQL injection inherent in using mysql_ commands.
Unlike mysqli, PDO supports named parameters and placeholder question marks; mysqli only supports placeholders. I will show how to work with both in this tutorial and you will see that named parameters are an easier and more convenient way of working with database fields easier.
Unlike mysqli, PDO supports many different database vendors – mysqli as we would gather from the name, only supports MySQL databases. If you did have to swap from one database type to another you would still have work to do as the SQL queries would be different, but at least it would be possible without many changes.
In summary, PDO is secure, flexible, and convenient and the best choice for all new projects and updates, so let’s get started.
This tutorial assumes you know how to create a MySQL database in phpMyAdmin on your local machine, but to speed things up I provide an SQL file for you to import the database you need to do the course into phpMyAdmin.