With the deprecation of the mysql_* extension in the current version of PHP and it’s likely removal from the next version of PHP, it got me wondering how many sites will break when the server they are hosted on migrate over to either version 5.6 or 6.0 of PHP. I would imagine that most (hopefully all) of the “off the shelf” CMSs such as wordpress, Joomla, Drupal, MediaWiki, phpBB, SMF, etc, without looking at their code will have migrated over to using either the mysqli_* extension or PDO and hopefully they all use prepared statements, but their will probably be sites running older versions of CMSs or custom CMSs that still use the mysql_* extension.
Whenever I see any examples of code here now that use the old mysql_* extension I always bring it to their attention that the mysql_* is deprecated and if I can’t see from the code snippet how they are sanitizing and escaping data, then I’ll advise them to make use of prepared statements. I always suggest they use PDO over mysqli as it’s easier to change db server software with PDO (just the connection needs changing and any query syntax specific to the old server software).
How many people have got sites or know of sites that still use the old mysql_* extension and have not started work on migrating over to either the mysqli extension or the more preferable PDO and started using prepared statements?
My gut feeling is that as sites on shared servers, as servers migrate over to php 5.6 (which is the version in which the mysql_* will not exist) or 6.0 (whenever that does come out), that many older sites that use the mysql_* extension will vanish from the net.
That is an article that explains how to migrate your code over to using PDO and prepared statements, it’s not hard, just time consuming. I’ve got 226 queries left to migrate to using PDO but I would imagine that some sites will have many more then that. So if you’ve got a site still using the old mysql_* extension, now is the time to migrate it over to PDO and to start using prepared statements. Would you rather spend time now migrating over, testing on your development server or find in a few months time when your site breaks when the server it’s on has the mysql_* extension removed and you’re panicking?