Why shouldn't I use mysql_* functions in PHP?
The mysql_* functions in PHP were first deprecated, meaning that they were no longer recommended for use, and were then removed in PHP 7.0. They are no longer supported, and attempting to use them will trigger a fatal error in modern PHP versions. Instead, you should use the mysqli_* functions or the PDO_MySQL extension. These newer extensions are more efficient and provide better security features.
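One of the main reasons to avoid the mysql_* functions is that code written with them is highly vulnerable to SQL injection attacks: the extension has no prepared statements, so queries are usually built by concatenating user input into the SQL string. SQL injection is a security vulnerability that allows an attacker to execute arbitrary SQL code on your database server. Both mysqli and PDO provide robust protection against SQL injection by supporting prepared statements and parameterized queries, which keep the supplied values separate from the SQL text.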
Here is a quick comparison showing how to migrate from the old approach to modern practices:
```php
// ❌ Old (removed in PHP 7.0): user input is concatenated straight into the SQL string
$result = mysql_query("SELECT * FROM users WHERE id = " . $_GET['id']);

// ✅ New (PDO): $pdo is an existing PDO connection
$stmt = $pdo->prepare("SELECT * FROM users WHERE id = :id");
$stmt->execute(['id' => $_GET['id']]);
$user = $stmt->fetch();

// ✅ New (MySQLi): $mysqli is an existing mysqli connection
$stmt = $mysqli->prepare("SELECT * FROM users WHERE id = ?");
$stmt->bind_param("i", $_GET['id']);
$stmt->execute();
$result = $stmt->get_result();
$user = $result->fetch_assoc();
```

In summary, the mysql_* functions are completely removed from PHP 7.0 and later. Migrating to mysqli or PDO ensures your code remains secure, efficient, and fully supported. For more details, see the official MySQLi documentation and PDO documentation.
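The difference between the concatenated query and the prepared statement, as an added example that is not part of the original page. It assumes the pdo_sqlite extension and uses an in-memory SQLite database as a stand-in for MySQL so it runs offline; the function names, sample rows and inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (assumption: stands in
// for MySQL so the script runs offline; the PDO calls are the same with pdo_mysql).
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // fail loudly on SQL errors
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// "Before" (hypothetical helper): same shape as the removed mysql_query() call,
// with the input concatenated into the SQL text.
function findUsersConcatenated(PDO $pdo, string $id): array
{
    return $pdo->query('SELECT id, name FROM users WHERE id = ' . $id)->fetchAll();
}

// "After" (hypothetical helper): the SQL text is fixed; the input is validated
// and bound as an integer parameter.
function findUserPrepared(PDO $pdo, string $id): ?array
{
    $intId = filter_var($id, FILTER_VALIDATE_INT);
    if ($intId === false) {
        return null; // reject anything that is not a plain integer
    }
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $intId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Constructed inputs standing in for $_GET['id'].
foreach (['2', '2 OR 1=1'] as $input) {
    printf(
        "input %-10s concatenated: %d row(s), prepared: %s\n",
        "'$input'",
        count(findUsersConcatenated($pdo, $input)),
        json_encode(findUserPrepared($pdo, $input))
    );
}
```

With the second input, the concatenated query's WHERE clause is rewritten by the input and matches every row, while the prepared version rejects the value before it reaches the database.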