I’m looking to refactor some legacy PHP code, and I know that PDO is more secure with the addition of prepared statements and such, but I am wondering if there are any security benefits of using the PDO::query() method vs. the mysql_query() method. Are there?
Short of a bug in PDO or mysql_*, the security issues with database queries are dependent on the query being run, not what is used to connect to the database.
If you create an insecure query with user data and execute it with PDO::query(), it is just as insecure as it is with mysql_query(). Likewise, if you have a secure query, running it with PDO::query() is effectively the same as with mysql_query().
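As an added example (not part of the original answer), the point above in runnable PHP: the same lookup executed through PDO::query() with user data concatenated into the SQL text, then as a prepared statement, then with PDO::quote() escaping. SQLite's in-memory driver stands in for MySQL so it runs offline; the table, sample rows and attacker input are constructed for the example, and the mysql_* functions themselves are not exercised because they were removed in PHP 7.

```php
<?php
// Added example, not from the original Q&A. Demonstrates that PDO::query() on a
// string-built query is exactly as injectable as mysql_query() was, and that the
// protection comes from the shape of the query (bound parameters), not the API.
// Assumption: SQLite in-memory DB stands in for MySQL; table and rows are constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES
            ('alice', 'alice@example.com'),
            ('bob',   'bob@example.com')");

// Simulated untrusted input, e.g. $_GET['name'] (constructed for the example).
$attackerInput = "nobody' OR '1'='1";

// 1. Insecure: user data spliced into the SQL text. PDO::query() executes it the
//    same way mysql_query() would; the injected tautology matches every row.
$insecureSql = "SELECT name FROM users WHERE name = '" . $attackerInput . "'";
$leaked = $pdo->query($insecureSql)->fetchAll(PDO::FETCH_COLUMN);
echo "string-built query via PDO::query(): " . count($leaked) . " row(s)\n";

// 2. Secure: the same lookup as a prepared statement. The input is sent as a bound
//    value, never parsed as SQL, so the quote and OR are just characters in a name.
$stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
$stmt->execute([':name' => $attackerInput]);
$safe = $stmt->fetchAll(PDO::FETCH_COLUMN);
echo "prepared statement: " . count($safe) . " row(s)\n";

// 3. A secure query stays secure through PDO::query(): escaping every value with
//    PDO::quote() is the mysql_real_escape_string() + mysql_query() pattern, and it
//    holds only as long as no value anywhere in the string is left unescaped.
$escapedSql = "SELECT name FROM users WHERE name = " . $pdo->quote($attackerInput);
$escaped = $pdo->query($escapedSql)->fetchAll(PDO::FETCH_COLUMN);
echo "quoted value via PDO::query(): " . count($escaped) . " row(s)\n";
```

Run it with `php example.php`: the first query returns both users, the other two return none. The difference is entirely in how the user data enters the statement; PDO::query() and mysql_query() are interchangeable for security purposes, and the benefit of moving to PDO is only realised where the refactor replaces string-built queries with prepare()/execute() and bound parameters.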