In our place we're split between using mysqli and PDO for stuff like prepared statements and transaction support. Some projects use one, some the other. There is little realistic likelihood of us ever moving to another RDBMS.
I prefer PDO for the single reason that it allows named parameters for prepared statements, and as far as I am aware mysqli does not.
Are there any other pros and cons to choosing one over the other as a standard as we consolidate our projects to use just one approach?
Source: Tips4all
Well, you could argue with the object oriented aspect, the prepared statements, the fact that it becomes a standard, etc. But I know that most of the time, convincing somebody works better with a killer feature. So there it is:
ReplyDeleteA really nice thing with PDO is you can fetch the data, injecting it automatically in an object. If you don't want to use an ORM (cause it's a just a quick script) but you do like object mapping, it's REALLY cool :
class Student {
public $id;
public $first_name;
public $last_name
public function getFullName() {
return $this->first_name.' '.$this->last_name
}
}
try
{
$dbh = new PDO("mysql:host=$hostname;dbname=school", $username, $password)
$stmt = $dbh->query("SELECT * FROM students");
/* MAGIC HAPPENS HERE */
$stmt->setFetchMode(PDO::FETCH_INTO, new Student);
foreach($stmt as $student)
{
echo $student->getFullName().'<br />';
}
$dbh = null;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
Moving an application from one database to another isn't very common, but sooner or later you may find yourself working on another project using a different RDBMS. If you're at home with PDO then there will at least be one thing less to learn at that point.
ReplyDeleteApart from that I find the PDO API a little more intuitive, and it feels more truly object oriented. mysqli feels like it is just a procedural API that has been objectified, if you know what I mean. In short, I find PDO easier to work with, but that is of course subjective.
I've started using PDO because the statement support is better, in my opinion. I'm using an ActiveRecord-esque data-access layer, and it's much easier to implement dynamically generated statements. MySQLi's parameter binding must be done in a single function/method call, so if you don't know until runtime how many parameters you'd like to bind, you're forced to use call_user_func_array() (I believe that's the right function name) for selects. And forget about simple dynamic result binding.
ReplyDeleteMost of all, I like PDO because it's a very reasonable level of abstraction. It's easy to use it in completely abstracted systems where you don't want to write SQL, but it also makes it easy to use a more optimized, pure query type of system, or to mix-and-match the two.
Here's something else to keep in mind: For now (PHP 5.2) the PDO library is buggy. It's full of strange bugs. For example: before storing a PDOStatement in a variable, the variable should be unset() to avoid a ton of bugs. Most of these have been fixed in PHP 5.3 and they will be released in early 2009 in PHP 5.3 which will probably have many other bugs. You should focus on using PDO for PHP 6.1 if you want a stable release and using PDO for PHP 5.3 if you want to help the community.
ReplyDeletePDO is the standard, it's what most developers will expect to use. mysqli was essentially a bespoke solution to a particular problem, but it has all the problems of the other DBMS-specific libraries. PDO is where all the hard work and clever thinking will go.
ReplyDeleteI'd go with PDO because MySQLi's binding is absurd. With PDO you can for most queries simply assign your variables by passing an array into an execute query. MySQLi makes binding a dynamic number of variables irritating to say the least.
ReplyDeleteOne thing PDO has that MySQLi doesn't that I really like is PDO's ability to return a result as an object of a specified class type. (ie. $pdo->fetchObject('MyClass'). MySQLi's fetch_object() will only return a stdClass object.
ReplyDeleteIn sense of speed of execution MySQLi wins, but unless you have a good wrapper using MySQli, its functions dealing with prepared statements is awful.
ReplyDeleteThere are still bugs in mine but http://gorilla3d.com/blog/entry/2008-08-03/improved-mysqli-db-wrapper-prepared-statements if anyone wants it.
So in short if you are looking for a speed gain then MySqli if you want it it for ease of use then PDO
In my benchmark script, each method is tested 10000 times and the difference of the total time for each method is printed. You should this on your own configuration, I'm sure results will vary!
ReplyDeleteThese are my results:
"SELECT NULL" -> PGO() faster by ~ 0.35 seconds
"SHOW TABLE STATUS" -> mysqli() faster by ~ 2.3 seconds
"SELECT * FROM users" -> mysqli() faster by ~ 33 seconds
Note: by using ->fetch_row() for mysqli, the column names are not added to the array, I didn't find a way to do that in PGO. But even if I use ->fetch_array() , mysqli is slightly slower but still faster than PGO (except for SELECT NULL).
Personally I use PDO, but I think that is mainly a question of preference.
ReplyDeletePDO has some features that help agains SQL injection (prepared statements), but if you are careful with your SQL you can achieve that with mysqli, too.
Moving to another database is not so much a reason to use PDO. As long as you don't use "special SQL features", you can switch from one DB to another. However as soon as you use for example "SELECT ... LIMIT 1" you can't go to MS-SQL where it is "SELECT TOP 1 ...". So this is problematic anyway.
I use PDO. Learning different interfaces for every single database platform is not worth the effort, and the PDO interface is quite nice. DB specific functions of mysqli are absent in PDO, but you can still get the same job done using database specific queries.
ReplyDeleteAnother notable (good) difference about PDO is that it's PDO::quote() method automatically adds the enclosing quotes, whereas mysqli::real_escape_string() (and similars) don't:
ReplyDeletePDO::quote() places quotes around the input string (if required) and
escapes special characters within the input string, using a quoting
style appropriate to the underlying driver.
I wrestled with this issue a few months ago and settled on sticking with MySQLi. It's extremely unlikely we'll be switching database platforms and there are few things I was trying to do that were much more direct in MySQLi than PDO.
ReplyDeleteI use PDO for my personal projects only, and not for client's project , because of compatibility. Clients may have a lower version of PHP from their hosting provider .
ReplyDelete@e-satis I agree with you. Ypu gave a nice example.
ReplyDeleteAnother reasons, I use PDO over MySQLi are below:
It's cross database, meaning it's the same interface for different relation databases.
It helps protect against SQL injections. Hence its more secured.
PDO will make it a lot easier to scale if your site/web app gets really being as you can daily set up Master and slave connections to distribute the load across the database, plus PHP is heading towards moving to PDO as a standard.
ReplyDeletePDO Info
Scaling a Web Application
There's one thing to keep in mind.
ReplyDeleteMysqli does not support fetch_assoc() function which would return the columns with keys representing column names. Of course it's possible to write your own function to do that, it's not even very long, but I had really hard time writing it (for non-believers: if it seems easy to you, try it on your own some time and don't cheat :) )