Consider PDO as a built-in class that comes packaged with PHP to make it much easier for you to interact with your database. While developing a PHP application you need to take care of lots of things, like establishing a connection, creating a query, converting the fetched result resource into an array, and escaping MySQL injection using mysql_real_escape_string(). That is a lot of things to take care of. Last but not least, consider a situation where you want to jump from mysql to mysqli or MSSQL: for that you need to go through each and every function and change every line of code to suit the need. PDO eradicates all these problems by providing one centralized class.
To elaborate, have a look at the code below.
To establish a connection to MySQL using PDO:
$dbh = new PDO('mysql:host='.HOST.';dbname='.DATABASE,USERNAME,PASSWORD);
That's it, the connection is established and you can reuse $dbh for performing queries. For example, to fetch the result from a user table you just need two lines of code.
$sth = $dbh->query('SELECT id,name,email FROM users');
$user = $sth->fetch(PDO::FETCH_ASSOC);
$user will have all the values fetched as an associative array.
To insert values into the database you need to do the following:
$sth = $dbh->prepare('INSERT INTO users(name,email) VALUES(:name, :email)');
// bindValue() accepts literals; bindParam() binds by reference and needs a variable
$sth->bindValue(':name', 'My Name');
$sth->bindValue(':email', 'firstname.lastname@example.org');
$sth->execute();
The above code uses named placeholders; this way PDO will keep you safe from many vulnerabilities, as it will keep you away from MySQL injection. To get you started, have a look at this tutorial by Nettuts; they have explained it very nicely, and this article will explain all your dilemmas regarding PDO.
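The difference the named placeholder makes, as an added example that is not part of the original answer: the same lookup written with string concatenation and with a bound parameter, run against the same constructed input. It assumes the pdo_sqlite driver and uses an in-memory SQLite database in place of the MySQL server so it runs offline; the function names and sample rows are hypothetical.

```php
<?php
// Added example: SQLite in-memory stands in for MySQL so this runs offline.
$dbh = new PDO('sqlite::memory:');
// Throw exceptions on SQL errors instead of failing silently.
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$dbh->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Constructed sample rows, inserted through a reusable prepared statement.
$insert = $dbh->prepare('INSERT INTO users(name, email) VALUES(:name, :email)');
foreach ([['Alice', 'alice@example.org'], ['Bob', 'bob@example.org']] as [$name, $email]) {
    $insert->execute([':name' => $name, ':email' => $email]);
}

// Constructed hostile value for a "name" search field.
$input = "nobody' OR '1'='1";

// Unsafe: the input becomes part of the SQL text; PDO::query() sends it as written.
function findByNameUnsafe(PDO $dbh, string $name): array
{
    $sth = $dbh->query("SELECT id, name, email FROM users WHERE name = '" . $name . "'");
    return $sth->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the SQL text is fixed; the input travels separately as a bound value.
function findByNameSafe(PDO $dbh, string $name): array
{
    $sth = $dbh->prepare('SELECT id, name, email FROM users WHERE name = :name');
    $sth->bindValue(':name', $name, PDO::PARAM_STR);
    $sth->execute();
    return $sth->fetchAll(PDO::FETCH_ASSOC);
}

// The concatenated query matches every row; the bound one matches only exact names.
printf("concatenated, hostile input: %d row(s)\n", count(findByNameUnsafe($dbh, $input)));
printf("bound value, hostile input:  %d row(s)\n", count(findByNameSafe($dbh, $input)));
printf("bound value, 'Alice':        %d row(s)\n", count(findByNameSafe($dbh, 'Alice')));
```

Using PDO does not by itself protect a query: only values passed through placeholders are kept out of the SQL text. With the MySQL driver, PDO emulates prepared statements by default; setting PDO::ATTR_EMULATE_PREPARES to false makes the server perform the binding.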
The PHP Data Objects (PDO) extension defines a lightweight, consistent interface for accessing databases in PHP.
PDO provides a data-access abstraction layer, which means that, regardless of which database you're using, you use the same functions to issue queries and fetch data. PDO does not provide a database abstraction; it doesn't rewrite SQL or emulate missing features. You should use a full-blown abstraction layer if you need that facility.
PDO is an object-oriented class for composing and executing MySQL queries. This may seem like an added layer of complexity, but PDO actually allows you to write queries more simply in your PHP, and to programmatically write queries (other code constructs the different lines of your query for you).
PDO also takes care of a lot of security issues like escaping your SQL queries. You'll never do any of these things if you don't use a database abstraction layer like PDO, and even if you try to, you can easily forget, or do it incorrectly.
If you aren't concerned with security (things like SQL injection) and you are able to write the natural MySQL queries you need, then you don't need to worry about it. Learning it may make things easier in the future when you work on more structured projects that utilize frameworks.