What are the risks of using mysql_* functions in PHP and why should they be replaced with PDO or MySQLi?

The risks of using mysql_* functions in PHP include deprecated functionality, lack of support for prepared statements, and vulnerability to SQL injection attacks. It is recommended to replace mysql_* functions with PDO or MySQLi to ensure better security, performance, and compatibility with newer versions of PHP.

// Using PDO to connect to a MySQL database
$pdo = new PDO('mysql:host=localhost;dbname=my_database', 'username', 'password');

// Prepared statement to prevent SQL injection
$stmt = $pdo->prepare('SELECT * FROM users WHERE username = :username');
$stmt->bindParam(':username', $username);
$stmt->execute();