为什么不推荐使用PHP的mysql_函数? [英] Why are PHP's mysql_ functions deprecated?

问题描述

在不久前我停止使用这些功能时，在这里扮演了Devil's Advocate的角色，但问题是真实的，可能对许多SO用户来说很重要.

我们都知道以错误的方式使用mysql_函数可能非常危险，可能会使您的网站容易受到攻击，等等.但是正确使用这些函数可以防止SQL注入，并且是

We all know that using mysql_ functions in the wrong way can be very dangerous, it can leave your website vulnerable, etc. but used correctly these functions can be protected against SQL injection and are actually a fair bit faster than the newer PDO functions.

牢记所有这些，为什么不推荐使用mysql_函数?

Bearing all this in mind, why have the mysql_ functions been deprecated?

推荐答案

mysql扩展很古老，自15年前发布的PHP 2.0开始就存在(!!)；与现代PHP试图摆脱其过去的不良做法相比，它绝对是另一种野兽. mysql扩展是MySQL的非常原始的低级连接器，它缺少许多便利功能，因此很难以安全的方式正确应用 ；因此对菜鸟不利.许多开发人员不了解SQL注入，并且mysql API十分脆弱，即使您知道它，也很难阻止它.它充满了全局状态(例如，通过了隐式连接)，这使得编写难以维护的代码变得容易.由于它已经很老了，因此在PHP核心级别维护它可能会变得不合理.

The mysql extension is ancient and has been around since PHP 2.0, released 15 years ago (!!); which is a decidedly different beast than the modern PHP which tries to shed the bad practices of its past. The mysql extension is a very raw, low-level connector to MySQL which lacks many convenience features and is thereby hard to apply correctly in a secure fashion; it's therefore bad for noobs. Many developers do not understand SQL injection and the mysql API is fragile enough to make it hard to prevent it, even if you're aware of it. It is full of global state (implicit connection passing for instance), which makes it easy to write code that is hard to maintain. Since it's old, it may be unreasonably hard to maintain at the PHP core level.

mysqli扩展较新，可以解决上述所有问题. PDO还是一个相当新的东西，它还解决了所有这些问题，甚至还有更多.

The mysqli extension is a lot newer and fixes all the above problems. PDO is also rather new and fixes all those problems too, plus more.

由于这些原因，* mysql扩展将在以后的某个时间删除.它在鼎盛时期做了自己的工作，相当糟糕，但它做到了.时间在流逝，最佳实践不断发展，应用程序变得更加复杂，需要更现代的API. mysql即将退休，请继续使用它.

Due to these reasons* the mysql extension will be removed sometime in the future. It did its job in its heyday, rather badly, but it did it. Time has moved on, best practices have evolved, applications have gotten more complex and require a more modern API. mysql is being retired, live with it.

鉴于所有这些，除了惯性之外，没有任何理由继续使用它.

Given all this, there's no reason to keep using it except for inertia.

*这些是我的常识性总结原因；有关整个官方故事，请看这里: https://wiki.php.net/rfc/mysql_deprecation

* These are my common sense summary reasons; for the whole official story, look here: https://wiki.php.net/rfc/mysql_deprecation

该文档中的精选引文如下:

Choice quotes from that document follow:

文档团队正在讨论数据库安全状况， 并教育用户远离常用的ext/mysql 扩展就是其中的一部分.

The documentation team is discussing the database security situation, and educating users to move away from the commonly used ext/mysql extension is part of this.

远离ext/mysql不仅关系到安全性，而且关系到 可以访问MySQL数据库的所有功能.

Moving away from ext/mysql is not only about security but also about having access to all features of the MySQL database.

ext/mysql很难维护代码.它不是不新鲜 特征.保持最新状态，以使用新版本的 libmysql或mysqlnd版本是可行的，我们可能会花钱 时间更好.

ext/mysql is hard to maintain code. It is not not getting new features. Keeping it up to date for working with new versions of libmysql or mysqlnd versions is work, we probably could spend that time better.

这篇关于为什么不推荐使用PHP的mysql_函数?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！