a question concerning a tutorial about PDO

steamPunk

I'm trying upgrade my php and I've just been reading this introduction to PDO : http://www.phpro.org/tutorials/Introduction-to-PHP-PDO.html#1

in the "Where do I begin?" section there's the following phrase :

If you are reading this you are more than likely to have connected to a database using PHP before using a database specific function such as mysql_connect() or pg_connect or, for the truly evolved coder, SQLite.

Could someone tell me in 2 words why SQLite is more evolved ?
Should I be using SQLite ?

My site host has the SQLite Library version 3.3.7 installed

thanks for any advice on this

laserlight

Could someone tell me in 2 words why SQLite is more evolved ?

It isn't. Besides, the comment refers to the coder, not SQLite, being "more evolved", whatever that means. (The fellow has a team of dinosaurs as co-workers? 🙂 )

Should I be using SQLite ?

Maybe. Read the SQLite documentation on Appropriate Uses For SQLite. In particular, "SQLite usually will work great as the database engine for low to medium traffic websites".

steamPunk

thanks, laserlight - maybe the tutorial guy was one of the SQLite developers

so it's kind of as i suspected - it's more of a personal preference thing

also, I don't like the sound of this bit in SQLite

" ... Similarly, if any one process is writing to the database, all other processes are prevented from reading any other part of the database ..."

as far as i've understood with PDO & MySQL is that you can lock a table but it doesn't lock the whole db, so i think i'll stick with MySQL

erm, while I've got your attention, may I just ask one more question concerning PDO ?

the tutorial suggests that using prepared statements "... helps prevent SQL injection by calling the PDO::quote() method internally" - does this mean that I wouldn't need to use mysql_real_escape_string() to prevent SQL injection ?

thanks

laserlight

as far as i've understood with PDO & MySQL is that you can lock a table but it doesn't lock the whole db, so i think i'll stick with MySQL

Yes, but consider that the entire SQLite database is just one file, and that unless you have many visitors simultaneously attempting to write to the database (e.g., in a high traffic website), locking the whole database does not matter.

the tutorial suggests that using prepared statements "... helps prevent SQL injection by calling the PDO::quote() method internally" - does this mean that I wouldn't need to use mysql_real_escape_string() to prevent SQL injection ?

Yes, though you may need to use PDO::quote() if prepared statements are not used as an escaping mechanism. In my opinion, whether PDO::quote() is called internally is dependent on the implementation of the PDO driver.

steamPunk

ok thanks 🙂

I'll probably be back soon to bother you some more about this PDO business but first i need to set up a db and try it out

cheers