Alert: PHP to Deprecate Standard MySQL Extension
Here at Zipline, we watch changes and developments in PHP very closely. PHP is the world’s most widely used open source web scripting language and is also at the core of our ZLCMS content management system. Last week an important announcement was made that will affect the future code of many PHP developers, and we thought it was important to bring it to the attention of our readers, since many of you are PHP developers or manage PHP-based websites.
So what is the announcement?
Philip Olson sent out a message via the PHP Internals mailing list detailing the proposed plans for the deprecation and eventual removal of the widely popular mysql extension, which is used by many websites and web systems including WordPress, the most popular blogging platform in the world.
In his message, located at http://marc.info/?l=php-internals&m=131031747409271&w=2, Philip Olson details the proposed plans for the mysql extension:
Don’t panic! This is not a proposal to add errors or remove this popular extension. Not yet anyway, because it’s too popular to do that now.
The documentation team is discussing the database security situation, and educating users to move away from the commonly used ext/mysql extension is part of this.
This proposal only deals with education, and requests permission to officially convince people to stop using this old extension. This means:
– Add notes that refer to it as deprecated
– Recommend and link alternatives
– Include examples of alternatives
What this means to ext/mysql:
– Softly deprecate ext/mysql with education (docs) starting today
– Not adding E_DEPRECATED errors in 5.4, but revisit for 5.5/6.0
– Add pdo_mysql examples within the ext/mysql docs that mimic the current examples, but occasionally introduce features like prepared statements
– Focus energy on cleaning up the pdo_mysql and mysqli documentation
– Create a general “The MySQL situation” document that explains the situation
So what does this mean for developers?
If you haven’t already made the move to one of the newer MySQL extensions, now is a good time to start. There are two newer and more secure MySQL extensions for developers to use: pdo_mysql and mysqli. Here at Zipline, we adopted the mysqli extension about two years ago and make regular use of the robust object-oriented functionality offered by this great extension.
While the standard mysql extension is capable of most of the necessary interaction with the MySQL database system, it has often been criticized because of frequent security exploits. Untrained, inexperienced, or lazy developers often write code that can be easily exploited by hackers through various techniques, including SQL injection attacks. The transition away from the mysql extension may be a painful one for some developers, but in our opinion it is a great move and will help increase the security of the Internet. We will keep on top of the issue and report any new developments, but if you are still using the mysql extension, you might want to check out: http://php.net/manual/en/book.mysqli.php
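The move described above, from a concatenated ext/mysql query to a prepared statement, as an added example (not Zipline's or the PHP project's code). It uses PDO with an in-memory SQLite database so it runs without a server; the `users` table and the `find_user` function are hypothetical.

```php
<?php
// Added example: table, column and function names are hypothetical.

// Legacy ext/mysql pattern, kept as a comment because the extension
// was removed in PHP 7.0:
//   $res = mysql_query(
//       "SELECT id, name FROM users WHERE name = '" . $_GET['name'] . "'"
//   );
// The input becomes part of the SQL text, so a quote character in it
// can change the structure of the statement.

function find_user(PDO $db, string $name): array
{
    // The SQL text is fixed; the value travels separately as a bound
    // parameter and is never parsed as SQL.
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// In-memory SQLite stands in for MySQL so the script runs offline
// (assumes the pdo_sqlite driver is installed). With pdo_mysql the DSN
// would look like 'mysql:host=HOST;dbname=DB;charset=utf8mb4', and
// PDO::ATTR_EMULATE_PREPARES => false requests server-side prepares.
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Constructed inputs: one ordinary name and one containing SQL
// metacharacters, which the bound parameter treats as plain data.
foreach (['alice', "alice' OR '1'='1"] as $input) {
    $rows = find_user($db, $input);
    printf("%-20s -> %d row(s)\n", $input, count($rows));
}
```

The same `prepare`/`execute` calls work unchanged against pdo_mysql; mysqli offers the equivalent through `prepare` and `bind_param`.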