Which method is more secure between MySQLi and PDO [closed]

问题

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.

Closed 6 years ago.

So far, I'm seeing that both MySQLi and PDO are good methods when connecting to the database. What I need is which method is more secure between the two. Especially for a person developing a site for a big project that will interact will a large number of people

回答1:

Both libraries provide SQL injection security, as long as the developer uses them the way they were intended (proper escaping / parameter binding with prepared statements when it's needed).

There is no difference in security. The main difference between PDO and Mysqli is that PDO supports various databases and mysqli supports only MySQL. MySQLi is also a bit faster. PDO supports 12 different drivers, opposed to MySQLi, which supports MySQL only.

So about security there's no difference because they both use prepared statements with escaping.

来源：https://stackoverflow.com/questions/16647851/which-method-is-more-secure-between-mysqli-and-pdo