What are the advantages and disadvantages of combining mysql_query() with mysql_fetch_*() or mysql_result() functions in PHP?

When combining `mysql_query()` with `mysql_fetch_*()` or `mysql_result()` functions in PHP, the advantage is that it allows for more flexibility in fetching and processing data from a MySQL database. However, this approach is not recommended due to security risks associated with SQL injection vulnerabilities. It is better to use prepared statements or parameterized queries to prevent these security risks.

// Example of using prepared statements with mysqli instead of mysql_query() and mysql_fetch_*()

// Establish a connection to the database
$mysqli = new mysqli(&quot;localhost&quot;, &quot;username&quot;, &quot;password&quot;, &quot;database&quot;);

// Check for connection errors
if ($mysqli-&gt;connect_error) {
    die(&quot;Connection failed: &quot; . $mysqli-&gt;connect_error);
}

// Prepare a statement
$stmt = $mysqli-&gt;prepare(&quot;SELECT id, name FROM users WHERE id = ?&quot;);
$id = 1;
$stmt-&gt;bind_param(&quot;i&quot;, $id);

// Execute the statement
$stmt-&gt;execute();

// Bind the result variables
$stmt-&gt;bind_result($id, $name);

// Fetch the results
while ($stmt-&gt;fetch()) {
    echo &quot;ID: $id, Name: $name &lt;br&gt;&quot;;
}

// Close the statement and connection
$stmt-&gt;close();
$mysqli-&gt;close();

Keywords

mysql_query mysql_fetch mysql_result advantages disadvantages

What are the advantages and disadvantages of combining mysql_query() with mysql_fetch_*() or mysql_result() functions in PHP?

Keywords

Related Questions