The transition from mySQL to PDO has been a lot less formidable than it first appeared. PDO, or PHP Data Objects, is a new interface for SQL. It is an object-oriented model, and this can make it appear more complicated than it really is. My appreciation of this programming methodology was helped in no small way by the discovery of a very useful article entitled "PHP Database Access: Are You Doing It Correctly?", which made the understanding so much simpler.
Why the need for change?
mySQL and mySQLi are often considered to use deprecated function calls which, apparently, leave them susceptible to SQL injection attack. I have been receiving numerous emails from Namesco, my hosting provider, warning me that my web site exhibits just such vulnerabilities. After much research and testing of my PHP code, I was forced to concur that my site was indeed likely to have these weaknesses.
My site, My Dictionary, uses only a few PHP templates to produce a dynamic web site, and the very simple user interface belies some quite complex PHP code driving the whole database lookup functionality.
My first expectation was that I would need to start from scratch with a complete rewrite of all the PHP code. But, after giving the matter a great deal of thought and having to reverse-engineer most of the code (I was not very good at documenting the original code), it transpired that so long as I could identify the particular data access sections and convert these to the new PDO equivalent, the transition should be relatively painless.
A successful Outcome – Migrating to PDO
An unexpected Bonus and an undiscovered Problem
With the migration to PDO complete, all that remained was some usability testing. All was well; in one respect it was better than well, it was great. The new PDO model appears to be far more efficient than the old mySQL model, as the site is now noticeably more responsive. Of course, it wouldn’t be normal if all went off without a hitch. It is not a hitch, as such, but I notice that certain words contain what I refer to as inverted quote symbols. These are displaying as ‘question’ icons in what looks like a font selection problem. It was always considered that fonts were installed on the local machine but pages displayed from my local web server are fine, so it is a web server issue. A workaround should be possible. I just need to throw together a little VB application to scan all the records and replace the offending characters with simple single quotes. Easily achieved, but more work I could have done without.
Hopefully this successful migration from mySQL to PDO will see improved performance of my web site and a halt to the warning emails from my hosting provider.
A final bonus to this transition to PDO was that I could introduce some error-trapping in my new PHP code. I had originally developed the pages in PHP4, which did not have error-trapping functionality. The advent of PHP5 introduced the exception class of event-driven error handling, so I could utilise this to further strengthen my code against any potential malicious attacks.
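As an added illustration (not code from this site), here is what converting one data access section to PDO with exception-based error-trapping can look like. The table `words`, its columns, and the functions `openDictionary` and `lookupWord` are hypothetical, and an in-memory SQLite database stands in for the MySQL database so the script runs on its own.

```php
<?php
// Added example: table, column and function names are hypothetical.
// An in-memory SQLite database stands in for the site's MySQL database so the
// script runs offline; on a real host the DSN would be a "mysql:" one.

// Old pattern (ext/mysql, removed in PHP 7), shown only for comparison:
//   $result = mysql_query("SELECT definition FROM words WHERE word = '$word'");
// The search term becomes part of the SQL text, so a quote in it alters the query.

function openDictionary(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Report database errors as PDOException rather than silent false returns.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE words (word TEXT PRIMARY KEY, definition TEXT)');
    // Constructed sample rows.
    $insert = $pdo->prepare('INSERT INTO words (word, definition) VALUES (?, ?)');
    $insert->execute(['apple', 'A round fruit.']);
    $insert->execute(["o'clock", 'Of the clock.']);
    return $pdo;
}

function lookupWord(PDO $pdo, string $word): ?string
{
    try {
        // The named placeholder keeps the search term out of the SQL text.
        $stmt = $pdo->prepare('SELECT definition FROM words WHERE word = :word');
        $stmt->execute([':word' => $word]);
        $definition = $stmt->fetchColumn();   // false when no row matches
        return $definition === false ? null : $definition;
    } catch (PDOException $e) {
        // Log the detail server-side; reveal nothing about the schema to visitors.
        error_log('Dictionary lookup failed: ' . $e->getMessage());
        return null;
    }
}

$pdo = openDictionary();
var_dump(lookupWord($pdo, 'apple'));         // an ordinary word
var_dump(lookupWord($pdo, "o'clock"));       // a legitimate word containing a quote
var_dump(lookupWord($pdo, "x' OR '1'='1"));  // quote-laden input is matched as plain data
```

With the MySQL driver, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes PDO use the server's native prepared statements instead of emulating them client-side.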