To access a database in PHP, we have two choices: PDO and MySQLi. Before making a choice, we should understand the difference between them in terms of security, performance, and support. Let's introduce them briefly:
PDO (PHP Data Objects) is a consistent interface for accessing databases in PHP. It can access a wide range of databases by using a database-specific PDO driver. PDO provides an abstraction layer through which we can use the same functions to access different databases. It can be used with PHP 5.1 and newer versions of PHP.
MySQLi is the replacement for the old MySQL functions and supports a dual interface: procedural and object-oriented. Users who are migrating from the old MySQL functions should prefer the procedural way. MySQLi is the safer way of sending data to MySQL, protecting against SQL injection and other kinds of security breaches.
Now, let's begin the battle between MySQLi and PDO:
MySQLi offers both an object-oriented and a procedural API, but PDO only offers an object-oriented API, which makes MySQLi easier to understand for beginners.
MySQLi supports only MySQL, but PDO supports a wide range of databases including Oracle, SQLite, PostgreSQL, MySQL and various others.
Both of these are good enough in terms of security, including preventing SQL injection.
// PDO, "manual" escaping (quote() is an instance method and adds the surrounding quotes itself)
$username = $pdo->quote($_GET['username']);
$pdo->query("SELECT * FROM users WHERE username = $username");

// mysqli, "manual" escaping (escapes only; the quotes are written in the SQL string)
$username = $mysqli->real_escape_string($_GET['username']);
$mysqli->query("SELECT * FROM users WHERE username = '$username'");
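Both APIs also support prepared statements, which keep the value out of the SQL text entirely instead of escaping it. The following is an added example, not code from the original article: it uses PDO with an in-memory SQLite database (an assumption so that it runs without a server; the users table, its rows and the sample inputs are constructed) to show a bound parameter being matched literally, quotes included.

```php
<?php
// Added example: PDO prepared statement against an in-memory SQLite database.
// The table, rows and inputs below are constructed for illustration.
declare(strict_types=1);

/**
 * Look up a user by name with a bound parameter.
 * The SQL text is fixed; the value travels separately and is never parsed as SQL.
 */
function findUser(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:');
// Fail loudly on SQL errors instead of returning false silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO users (username) VALUES (?)');
foreach (['alice', "o'brien", 'carol'] as $name) {
    $insert->execute([$name]);
}

// Constructed inputs standing in for $_GET['username']:
// an ordinary name, a legitimate name containing a quote,
// and a value carrying SQL syntax that must be treated as plain data.
$inputs = [
    'alice',
    "o'brien",
    "x' OR '1'='1",
];

foreach ($inputs as $input) {
    $rows = findUser($pdo, $input);
    // Each value is compared as a whole string, so only exact usernames match.
    printf("%-16s => %d row(s)\n", $input, count($rows));
}
```

With mysqli the same pattern is written with prepare(), bind_param() and execute() on a MySQL connection.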
PDO and MySQLi both perform well, but MySQLi is a little faster than PDO. It's 2.5% faster for non-prepared statements, and ~6.5% for prepared statements. If every microsecond matters to you, use MySQLi; otherwise both are fine in terms of performance.
From the above discussion we can conclude that MySQLi is a little faster than PDO and also offers a procedural API, but PDO provides connectivity to a wide range of databases. As far as security is concerned, both are absolutely secure and reliable.