Is it bad practice to query a database without providing a link identifier?
In PHP, it is possible to do things like $results = mysql_query("select ....");
(see how no link identifier was provided).
The only thing that requires is that a mysql_connect()
function has been called before, successfully.
Now I 开发者_JS百科tend to alway provide a link identifier but I don't really know why.
Is calling queries without a link identifier any less secure than the other way (providing the link identifier in every query)?
The link identifier is needed when you have an application that needs to connect to more than one database server in the same request/transaction.
It's a good idea to use it even if you only have one database. "Explicit is better." Oh wait, that's Python.
No, it is not any less safe.
However, using mysql_*()
functions are less safe than PDO because they don't have parameter binding by default.
If you switcht to PDO and use bindParam()
, then it is safer than mysql_*()
.
If the system will never connect to multiple databases, there are no consequences in practice. I'm sure there are some in theory, which I will be informed of via flaming comments in no time!
精彩评论