4

I am new to web Development, I am currently not using any frameworks.

Till now, I was using mysqli_query($conn, $sql) to send a query to the MySQL server.

Recently I read another technique which use $conn - > query($sql).

I know that $conn->query($sql) is the OOP way of sending query and mysqli_query($conn, $sql) is the procedural method.

I haven't learned Object Oriented PHP yet However, I am going to learn it soon before moving onto a framework.

Could someone tell me the advantages of using $conn->query($sql) over the mysqli_query($conn, $sql)? Is it more secure? Is there something else to it?

I know OOP is better than Procedural, but I'd like to know the main advantages, from the point of Security(mainly)!

kiner_shah
  • 3,939
  • 7
  • 23
  • 37
Ashwin K Joseph
  • 371
  • 2
  • 4
  • 14
  • Same difference, Head or Tail your coin is worth the same. Depends on your need. my opinion. Procedural for short easy query. OOP when you need to 'Work' your data or in longer scripts. Some will say Procedural is better than OOP and you should not use OOP. I thnik OOP is easier for a human to keep track of varaibles but opinion is not an answer here ;) For the sake of security take a look at visibility : http://php.net/manual/en/language.oop5.visibility.php – Louis Loudog Trottier Feb 05 '17 at 09:55
  • when it comes to procedural VS OOP, beside visiblity, i can't think of. Maybe more professional users will add to it – Louis Loudog Trottier Feb 05 '17 at 09:58
  • 1
    If you want to talk about security inside mysqli, i suggest you check out prepared statement. That is a Plus : http://php.net/manual/en/mysqli.quickstart.prepared-statements.php And is mostly treated in OOP – Louis Loudog Trottier Feb 05 '17 at 10:01

2 Answers2

5

Neither.

Three points to get it straight:

  1. There is noting much to "learn". The object syntax is as silly as it seems: just an arrow to access a method or a property. Surely you already go it.

  2. Second option just gets you less typing:

    mysqli_query($mysqli, $query);
vs.
$mysqli->query($query);
  3. Either way you should be using PDO, not mysqli

I know OOP is better than Procedural

This is just irrelevant here. Do not confuse Object Oriented Programming with object syntax. The former is a very complex topic, which takes years to learn and you are not nearly going to get it soon. While object syntax is just a syntax - no more no less. Nothing too complicated to worry about, nor any dramatical benefits either

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
0

"OOP is better than Procedural Programming" - I'd say it depends. If we're talking about performance then yes OOP is efficient and more organized than Procedural Programming. If you're building a large complex project then OOP is the way to go. However if we're talking about security then Procedural Programming method is as secure as OOP method. Especially if you're using PDO. When you use PDO, you use named placeholders instead of passing variables directly into the Query which helps prevent attacks such as SQL Injection. And if you use PDO, you don't need to sanitize your inputs by yourself (eliminating extra coding) because PDO takes care of that.

I'd recommend you start learning with PDO because it follows Obejct Oriented Programming styles so if you start with it, you'll already be one step ahead when you start writing code in OOPHP. Hope that helps.

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
Khairul Alam
  • 113
  • 1
  • 1
  • 12