I believe that if someone intends to utilize PHP along with MySQL or any other database server:
- Consider exploring PDO (PHP Data Objects), an invaluable database access layer that offers a consistent approach to accessing various databases: https://php.net/manual/en/book.pdo.php
- Consider delving into MySQLi, which is an excellent option for learning and utilizing MySQL databases.
Library examples:
---- PDO
----- No placeholders - ripe for SQL injection! It's bad
// User input is interpolated straight into the SQL text (kept here as the bad example)
$request = $pdoConnection->query("INSERT INTO parents (name, addr, city) values ($name, $addr, $city)");
----- Unnamed placeholders
$request = $pdoConnection->prepare("INSERT INTO parents (name, addr, city) values (?, ?, ?)");
----- Named placeholders
$request = $pdoConnection->prepare("INSERT INTO parents (name, addr, city) values (:name, :addr, :city)");
---- MySQLi
$request = $mysqliConnection->prepare('
SELECT * FROM trainers
WHERE name = ?
AND email = ?
AND last_login > ?');
// bind_param takes a type string ('s' = string, 'i' = integer) followed by the
// variables to bind; they are bound by reference, so the timestamp needs a variable
$since = time() - 3600;
$request->bind_param('ssi', $name, $mail, $since);
$request->execute();
P.S.:
PDO wins this battle with ease. With such advantages as support for twelve different database drivers and named parameters, we can get used to its API. From a security standpoint, both of them are safe as long as the developer uses them the way they are supposed to be used.
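As an added example that is not part of the answer above, the PDO flow carried through end to end: connection attributes that disable client-side prepare emulation, named placeholders bound with explicit types, and the allow-list check needed where a user-controlled identifier (which can never be a placeholder) reaches the query. The DSN, credentials, table and `$_GET` keys are assumed placeholders.

```php
<?php
// Added example, not the original answer's code. Assumes a MySQL database at the
// placeholder DSN below; the $_GET values stand in for untrusted user input.
$dsn = 'mysql:host=127.0.0.1;dbname=EXAMPLE_DB;charset=utf8mb4';
$pdo = new PDO($dsn, 'EXAMPLE_USER', 'EXAMPLE_PASSWORD', [
    // Throw on errors instead of silently returning false.
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    // Use real server-side prepared statements rather than client-side emulation,
    // so bound values travel separately from the SQL text.
    PDO::ATTR_EMULATE_PREPARES   => false,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

// Untrusted input: never interpolated into the SQL string.
$name = $_GET['name'] ?? '';
$mail = $_GET['email'] ?? '';

// Named placeholders; the SQL text is fixed at prepare time.
$stmt = $pdo->prepare(
    'SELECT id, name, email FROM trainers
      WHERE name = :name AND email = :email AND last_login > :since'
);
$stmt->bindValue(':name',  $name, PDO::PARAM_STR);
$stmt->bindValue(':email', $mail, PDO::PARAM_STR);
$stmt->bindValue(':since', time() - 3600, PDO::PARAM_INT);
$stmt->execute();
$rows = $stmt->fetchAll();

// Placeholders bind values only. A column name chosen by the user cannot be a
// placeholder, so it is checked against a fixed allow-list before use.
$allowedSort = ['name', 'last_login'];
$sort = $_GET['sort'] ?? 'name';
if (!in_array($sort, $allowedSort, true)) {
    $sort = 'name';
}
$stmt = $pdo->prepare("SELECT id, name FROM trainers ORDER BY `$sort`");
$stmt->execute();
$sorted = $stmt->fetchAll();
```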