問題描述

因為我不久前停止使用這些功能，所以在這里玩了一點惡魔的代言人，但這個問題是真實的，可能對很多 SO 用戶都很重要.

我們都知道以錯誤的方式使用 mysql_ 函數可能非常危險，它會使您的網站容易受到攻擊等.但正確使用這些函數可以防止 SQL 注入，并且實際上快了一點比新的 PDO 函數.

We all know that using mysql_ functions in the wrong way can be very dangerous, it can leave your website vulnerable, etc. but used correctly these functions can be protected against SQL injection and are actually a fair bit faster than the newer PDO functions.

考慮到所有這些，為什么不推薦使用 mysql_ 函數?

Bearing all this in mind, why have the mysql_ functions been deprecated?

推薦答案

mysql 擴展很古老，從 15 年前發布的 PHP 2.0 開始就已經存在 (!!)；這與試圖擺脫過去不良做法的現代 PHP 截然不同.mysql 擴展是一個非常原始的、低級的 MySQL 連接器，它缺乏許多方便的特性，因此很難以安全的方式正確應用；因此，這對菜鳥不利.許多開發人員不了解 SQL 注入，而且 mysql API 非常脆弱，即使您知道它也很難阻止它.它充滿了全局狀態(例如隱式連接傳遞)，這使得編寫難以維護的代碼變得容易.由于它很舊，在 PHP 核心級別維護可能會非常困難.

The mysql extension is ancient and has been around since PHP 2.0, released 15 years ago (!!); which is a decidedly different beast than the modern PHP which tries to shed the bad practices of its past. The mysql extension is a very raw, low-level connector to MySQL which lacks many convenience features and is thereby hard to apply correctly in a secure fashion; it's therefore bad for noobs. Many developers do not understand SQL injection and the mysql API is fragile enough to make it hard to prevent it, even if you're aware of it. It is full of global state (implicit connection passing for instance), which makes it easy to write code that is hard to maintain. Since it's old, it may be unreasonably hard to maintain at the PHP core level.

mysqli 擴展更新了很多，并修復了上述所有問題.PDO 也是相當新的，也解決了所有這些問題，以及更多.

The mysqli extension is a lot newer and fixes all the above problems. PDO is also rather new and fixes all those problems too, plus more.

由于這些原因* mysql 擴展將在未來某個時候被刪除.它在鼎盛時期完成了它的工作，相當糟糕，但它做到了.時間在流逝，最佳實踐已經發展，應用程序變得更加復雜并且需要更現代的 API.mysql 即將退休，請繼續使用.

Due to these reasons* the mysql extension will be removed sometime in the future. It did its job in its heyday, rather badly, but it did it. Time has moved on, best practices have evolved, applications have gotten more complex and require a more modern API. mysql is being retired, live with it.

考慮到所有這些，除了慣性之外，沒有理由繼續使用它.

Given all this, there's no reason to keep using it except for inertia.

* 這些是我的常識總結原因；對于整個官方故事，請看這里:https://wiki.php.net/rfc/mysql_deprecation

* These are my common sense summary reasons; for the whole official story, look here: https://wiki.php.net/rfc/mysql_deprecation

從該文檔中選擇引用如下:

Choice quotes from that document follow:

文檔組正在討論數據庫安全情況，并教育用戶遠離常用的ext/mysql擴展是其中的一部分.

The documentation team is discussing the database security situation, and educating users to move away from the commonly used ext/mysql extension is part of this.

遠離 ext/mysql 不僅關乎安全，還關乎可以訪問 MySQL 數據庫的所有功能.

Moving away from ext/mysql is not only about security but also about having access to all features of the MySQL database.

ext/mysql 很難維護代碼.它不是沒有新的特征.保持更新以使用新版本的libmysql 或 mysqlnd 版本是有效的，我們可能會花掉它時間更好.

ext/mysql is hard to maintain code. It is not not getting new features. Keeping it up to date for working with new versions of libmysql or mysqlnd versions is work, we probably could spend that time better.

這篇關于為什么不推薦使用 PHP 的 mysql_ 函數?的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！