MySql vs MySqli - how urgent is the timeline for changing

Hello showman,

I too only released about MySQLi a couple of months ago however once you get the hang of it you can easily continue as if you've been using it for years.

The question about how urgently you change is down to what you do. Any future projects should use the newer MySQLi for the simple reason that it is more secure if you use things like prepared statements. These limit SQL injection risks to an absolute minimum because nothing is executed as a query.

In terms of swapping out your other project, technically I would say yes because of the security benefits however it depends on what it is. If this project is a large website, which recieves a lot of traffic then I would say yes, if it handles sensetive or critical data then I would say yes however if it is only a low traffic project which isn't handling anything of value then I would say to just swap things over in stages, public side first and then private side.

It is all about risk analysis, is it likely to be attacked, and if it is then what will they be able to get, is it worth the effort?

Good luck and I hope this helps!

Thank you for that reaponse AHarrisGsy...

Is there any sort of a process that you could suggest for converting from one to the other?

If everything is done with procedural code, is it a simple matter of changing the mysql_ with the mysqli_ or is there a lot more to that story?

I'm curious as to the implementation, and if I could do a little bit at a time and keep the site functioning, or if it is something that I need to do on a ghost site and upload it to the live site all at once after testing it thoroughly..

I'm inclined to change over the site that I'm currently dealing with because of the nature of the site and the data that is on it.

Thanks again,

Douglas

Hello again Douglas,

I'm not an expert on MySQLi however from experience it would probably be best to work on a ghost site and either do it in stages such as the registration system and then upload or do it all and then upload the final.

A lot of it you can swap relatively easily with MySQL to MySQLi however when you first begin you might get some unexpected errors which suprise you, although there is obviously this forum to help.

As a tip, create master files and then call upon the functions in these. Take for example your connection piece of code, in MySQLi it would be:

<?php

    $Connect = mysqli_connect('localhost', 'root', '***', '***');

    if(mysqli_connect_errno())
    {
        die("MySQLi Connection Error, Couldn't Connect to the Database Server");
    }

?>

So that when you come to make modifications you aren't changing hundreds of files, and instead your are editing a central file.

You might just want to check that your host actually supports mysqli - I too recently decided it was time to expand my skillset and do things in what appeared to be the modern way. Pity that the web host I tried my new project on hadn't set the server up for mysqli (client already had a site, so no choice in host), so I had to rewrite things the way I was used to.

If you do decide to switch and the host does support it, watch that in some cases the order of variables is swapped round - why, god only knows!