mysqli_query($conn, $sql) or $conn->query($sql)

Question

I am new to web Development, I am currently not using any frameworks.

Till now, I was using mysqli_query($conn, $sql) to send a query to the MySQL server.

Recently I read another technique which use $conn - > query($sql).

I know that $conn->query($sql) is the OOP way of sending query and mysqli_query($conn, $sql) is the procedural method.

I haven't learned Object Oriented PHP yet However, I am going to learn it soon before moving onto a framework.

Could someone tell me the advantages of using $conn->query($sql) over the mysqli_query($conn, $sql)? Is it more secure? Is there something else to it?

I know OOP is better than Procedural, but I'd like to know the main advantages, from the point of Security(mainly)!

Answer 1

Neither.

Three points to get it straight:

1. There is noting much to "learn". The object syntax is as silly as it seems: just an arrow to access a method or a property. Surely you already go it.

2. Second option just gets you less typing:

   mysqli_query($mysqli, $query);
   vs.
   $mysqli->query($query); 
   

3. Either way you should be using PDO, not mysqli

I know OOP is better than Procedural

This is just irrelevant here. Do not confuse Object Oriented Programming with object syntax. The former is a very complex topic, which takes years to learn and you are not nearly going to get it soon. While object syntax is just a syntax - no more no less. Nothing too complicated to worry about, nor any dramatical benefits either

Answer 2

"OOP is better than Procedural Programming" - I'd say it depends. If we're talking about performance then yes OOP is efficient and more organized than Procedural Programming. If you're building a large complex project then OOP is the way to go. However if we're talking about security then Procedural Programming method is as secure as OOP method. Especially if you're using PDO. When you use PDO, you use named placeholders instead of passing variables directly into the Query which helps prevent attacks such as SQL Injection. And if you use PDO, you don't need to sanitize your inputs by yourself (eliminating extra coding) because PDO takes care of that.

I'd recommend you start learning with PDO because it follows Obejct Oriented Programming styles so if you start with it, you'll already be one step ahead when you start writing code in OOPHP. Hope that helps.