Deprecated MySQL extension in PHP 5.5.x

Question

According to the PHP manual, and a lot of sources on the internet as of PHP 5.5.x the whole original MySQL extension is deprecated. I have a really robust web application th

Answer 1

Yes, you should bother to update your code to work with mysqli or PDO.

The reason lays not only in mysql_* to be inaccessible in future versions of PHP. But also in your security.

mysql_* doesn't support prepared statements/parameterized statements that cover sql protection. You can use mysql_real_escape_string(), but even that is not flawless when dealing with MultiByte characters.

See also: https://security.stackexchange.com/questions/8028/does-mysql-escape-string-have-any-security-vulnerabilities-if-all-tables-using-l and https://stackoverflow.com/a/12118602/1209443