July 19, 2011
Indeed; there are likely plenty of PHP developers who would panic if their precious MySQL extension were to be deprecated. But how many more would rejoice?
It doesn’t even understand the notion of prepared statements[1], so even if it weren’t for the scores of my-first-database-bound website tutorials that inevitably lead you to SQL injection hell, you’d have little choice. You’d have the choice of mysql_real_escape_string and brethren, but that’s a terrible idea.
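As an added illustration (not code from the original post), the sketch below contrasts escape-and-concatenate with a prepared statement for a value used in a numeric position. It assumes PDO with an in-memory SQLite database so it runs offline; `escape_only()` is a hypothetical stand-in for `mysql_real_escape_string`, and the table, rows and input are constructed.

```php
<?php
// Added example: constructed table and data, SQLite in memory via PDO.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Hypothetical stand-in for mysql_real_escape_string(): it neutralises
// quote characters for use inside a quoted string literal, nothing more.
// (SQLite doubles the quote; MySQL's function prefixes a backslash.)
function escape_only(string $value): string
{
    return str_replace("'", "''", $value);
}

// Escape-and-concatenate: the value still ends up inside the SQL text,
// so the database parses it as part of the statement.
function find_by_id_escaped(PDO $pdo, string $id): array
{
    $sql = 'SELECT name FROM users WHERE id = ' . escape_only($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the query text is fixed before any input is seen,
// and the value travels separately as data bound to the placeholder.
function find_by_id_prepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input with no quote character in it, so the escaping
// function returns it unchanged and the WHERE clause is rewritten.
$input = '1 OR 1=1';

printf("escaped + concatenated: %d row(s)\n",
    count(find_by_id_escaped($pdo, $input)));
printf("prepared statement:     %d row(s)\n",
    count(find_by_id_prepared($pdo, $input)));
```

Run it with the `php` CLI and compare the two row counts: the escaping function has no quote to act on, while the bound parameter is only ever compared as a value.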
A language may not always be able to enforce good practices, but it should at least advocate them. Leaving an API in that requires bad practices is irresponsible.
[1] A.k.a. parameterized queries.