This is a short series of tutorials on how to connect to a MySQL
database using a PDO connection and display the database records in the
Why use PDO?
There is a choice of only two ways to connect to a MySQL database: either
mysqli, the 'i' standing for 'improved', or PDO. All the old mysql_* commands are
long since deprecated and inherently a security risk. No mysql_* commands should be used any more, and they should be replaced in old code.
Both PDO and mysqli are equivalent in terms of security, as both support
prepared statements, meaning that user input is not entered straight
into the SQL query but sent along a different channel, where it is
handled purely as data and is safe to use. Both remove the risk of SQL injection
inherent in using mysql_* commands.
Unlike mysqli, PDO supports both named parameters and question-mark placeholders; mysqli only supports placeholders. I will show how to work with both in this tutorial, and you will see that named parameters are an easier and more convenient way of working with database fields.
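As an added illustration (not code from this tutorial series), the PHP example below runs the same lookup with a named parameter, with a question-mark placeholder, and with string concatenation in the style of old mysql_* code, then prints how many rows each returns for a normal name and for an input containing quotes. It assumes the pdo_sqlite extension and uses an in-memory SQLite database with constructed rows so it runs without a server; the table, the function names and the MySQL DSN in the comment are hypothetical.

```php
<?php
// In-memory SQLite keeps this runnable offline. For MySQL the DSN would look like
// 'mysql:host=localhost;dbname=EXAMPLE_DB;charset=utf8mb4' (EXAMPLE_DB is a placeholder),
// followed by a username and password. With the MySQL driver, also set
// PDO::ATTR_EMULATE_PREPARES => false so statements are prepared on the server.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // throw on SQL errors
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,       // rows as associative arrays
]);

// Constructed sample data.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$insert = $pdo->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
foreach ([['alice', 'alice@example.test'], ['bob', 'bob@example.test']] as [$name, $email]) {
    $insert->execute([':name' => $name, ':email' => $email]);
}

// Named parameter: the value is bound to :name and never becomes part of the SQL text.
function findByNameNamed(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare('SELECT id, name, email FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll();
}

// Question-mark placeholder: same protection, values are matched by position.
function findByNamePositional(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare('SELECT id, name, email FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll();
}

// The pattern to replace: input concatenated into the query, so quotes in the
// input can change the query's structure.
function findByNameConcatenated(PDO $pdo, string $name): array {
    return $pdo->query("SELECT id, name, email FROM users WHERE name = '$name'")->fetchAll();
}

// Constructed inputs: one ordinary name, one containing quote characters.
foreach (['alice', "x' OR '1'='1"] as $input) {
    printf("input %-16s named=%d positional=%d concatenated=%d\n",
        json_encode($input),
        count(findByNameNamed($pdo, $input)),
        count(findByNamePositional($pdo, $input)),
        count(findByNameConcatenated($pdo, $input)));
}
```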
Unlike mysqli, PDO supports many different database vendors – mysqli, as we would gather from the name, only supports MySQL databases. If you did have to swap from one database type to another, you would still have work to do as the SQL queries would be different, but at least it would be possible without many changes.
In summary, PDO is secure, flexible, and convenient and the best choice for all new projects and updates, so let's get started.
This tutorial assumes you know how to create a MySQL database in phpMyAdmin on your local machine, but to speed things up I provide an SQL file that you can import into phpMyAdmin to create the database you need for the course.