PHP MySQL: connect, select and insert data with the mysqli extension (current PHP versions)

<?php
$dbHost = 'localhost';
$dbUsername = 'root';
$dbPassword = '';
$dbName = 'db_name';

// Connect with the database
$db = new mysqli($dbHost, $dbUsername, $dbPassword, $dbName);

if ($db->connect_errno) {
    printf("Connect failed: %s\n", $db->connect_error);
    exit();
}

/* Get data from table */
$accounts = $db->query("SELECT * FROM table_name");

while ($row = $accounts->fetch_assoc()) {
    echo $row['sub_id'];
}

/* Store data in table */
// Bind the value with a prepared statement instead of interpolating it into
// the SQL text: a value containing a quote (or attacker-supplied SQL) is then
// stored literally and can never change the statement.
$str = "value to store"; // placeholder; the original left $str undefined
$stmt = $db->prepare("INSERT INTO table_name VALUES (?)");
$stmt->bind_param('s', $str);
$stmt->execute();
?>


MySQL connect with the old mysql extension (PHP 5)

The code below connects with the legacy mysql extension. That extension was deprecated in PHP 5.5 and removed in PHP 7.0, so it only runs on PHP 5; on anything newer use mysqli (above) or PDO.

$host = "localhost";
$user = "dbuser";
$password = "dbpass";
$dbname = "dbname";

$link = mysql_connect($host, $user, $password);
if (!$link) {
    die('Could not connect: ' . mysql_error());
}
// mysql_select_db() returns false on failure; the original did not check it.
if (!mysql_select_db($dbname, $link)) {
    die('Could not select database: ' . mysql_error());
}

$query = "SELECT * FROM table_name";

$r = mysql_query($query, $link) or die(mysql_error());

Store a string that contains quotes in MySQL (PHP mysqli)

<?php

/* Database connect using mysqli */

$dbHost = 'localhost';
$dbUsername = 'root';
$dbPassword = '';
$dbName = 'test';
$db = new mysqli($dbHost, $dbUsername, $dbPassword, $dbName);
if ($db->connect_errno) {
    printf("Connect failed: %s\n", $db->connect_error);
    exit();
}
// real_escape_string() escapes according to the connection charset, so set it first.
$db->set_charset('utf8mb4');

/* Escape the quote with mysqli's real_escape_string(), not addslashes():
   addslashes() is a generic PHP function that knows nothing about MySQL's
   escaping rules or the connection charset, so it is not a SQL escaping
   function. A prepared statement avoids the escaping step altogether. */

$str = "Is your name O'Reilly?";

$str = $db->real_escape_string($str);

// $str is now: Is your name O\'Reilly?

// "table" is a reserved word in MySQL, so the table is called table_name here.
$query = "INSERT INTO table_name VALUES ('$str')";
$sql = $db->query($query);
?>

What is the Difference Between mysql and mysqli?

The "mysqli" extension is an improvement over the old "mysql" extension; the "i" in mysqli stands for "improved".

mysqli was developed to take advantage of the features added in MySQL 4.1.3 and is available since PHP 5.0. The old mysql extension was deprecated in PHP 5.5 and removed in PHP 7.0, so on any current PHP you have to use mysqli (or PDO); on PHP 5 with a recent MySQL, mysqli is still strongly recommended over mysql.

Key benefits of mysqli over mysql extension

  • Object-oriented interface. mysqli also keeps a procedural API (mysqli_connect(), mysqli_query(), ...) that mirrors the old mysql functions, but the OO version groups the functions by their purpose.
  • Prepared statements. The SQL text and the parameter values are sent to the server separately, so a value can never be parsed as SQL; this prevents SQL injection by construction and lets the server reuse the parsed statement.
  • Multiple statements. mysqli::multi_query() executes several SQL statements in a single call, which reduces round trips between the database server and the PHP server. Note that mysqli::query() deliberately accepts only one statement per call; running multi_query() on a query built from user input turns an injection into a stacked-query injection, so never use it with interpolated values.
  • Support for transactions. This is really useful for writing robust applications: a group of SQL statements is either executed as a whole or rolled back as a whole (usually because an error occurred somewhere in the process).
  • Enhanced debugging capabilities. As an example, you can use mysqli_debug(...) to write debugging information to a file.
  • Embedded server support. Since MySQL 4.0 there is a library (libmysqld) that runs a complete MySQL server embedded inside a program, usually a desktop application.
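The transaction and prepared-statement items above, as an added example that is not code from the original page: a transfer between two rows that either applies both UPDATEs or neither. It assumes a local MySQL server with a database named "test" reachable as root with an empty password; the accounts table is TEMPORARY and its two rows are constructed sample data.

```php
<?php
// Added example, not code from the original page: a prepared statement used
// inside a transaction, so that either both UPDATEs apply or neither does.
// Assumes a local MySQL server with a database named "test" reachable as root
// with an empty password. The table is TEMPORARY, so nothing persists.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw mysqli_sql_exception

$db = new mysqli('localhost', 'root', '', 'test');
$db->set_charset('utf8mb4');

// InnoDB is required: MyISAM tables silently ignore BEGIN/ROLLBACK.
$db->query("CREATE TEMPORARY TABLE accounts (id INT PRIMARY KEY, balance INT NOT NULL) ENGINE=InnoDB");
$db->query("INSERT INTO accounts (id, balance) VALUES (1, 100), (2, 50)"); // constructed sample rows

function transfer(mysqli $db, int $from, int $to, int $amount): bool
{
    $db->begin_transaction();
    try {
        // Debit only if the balance covers the amount; the condition is checked
        // atomically in the same UPDATE, so two concurrent transfers cannot overdraw.
        $debit = $db->prepare("UPDATE accounts SET balance = balance - ? WHERE id = ? AND balance >= ?");
        $debit->bind_param('iii', $amount, $from, $amount);
        $debit->execute();
        if ($debit->affected_rows !== 1) {
            throw new RuntimeException("account $from missing or insufficient funds");
        }

        $credit = $db->prepare("UPDATE accounts SET balance = balance + ? WHERE id = ?");
        $credit->bind_param('ii', $amount, $to);
        $credit->execute();
        if ($credit->affected_rows !== 1) {
            throw new RuntimeException("account $to does not exist");
        }

        $db->commit();
        return true;
    } catch (Throwable $e) {
        $db->rollback(); // undoes the debit when the credit step failed
        echo "rolled back: " . $e->getMessage() . "\n";
        return false;
    }
}

function balances(mysqli $db): array
{
    $rows = $db->query("SELECT id, balance FROM accounts ORDER BY id")->fetch_all(MYSQLI_ASSOC);
    return array_column($rows, 'balance', 'id');
}

transfer($db, 1, 2, 30);   // ok: balances become [1 => 70, 2 => 80]
transfer($db, 1, 99, 10);  // account 99 does not exist: the debit of account 1 is rolled back
transfer($db, 2, 1, 500);  // insufficient funds: nothing changes
print_r(balances($db));    // [1 => 70, 2 => 80]
```

MYSQLI_REPORT_STRICT turns every failed prepare or execute into an exception, which is what makes the single catch-and-rollback path reliable; without it, each call would return false and the code would have to check every return value by hand.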

SQL injection

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

More serious SQL injection attacks

$name_evil = "'; DELETE FROM customers WHERE 1 or username = '";

// the query is built by string interpolation, with no validation of $name_evil
$query_evil = "SELECT * FROM customers WHERE username = '$name_evil'";

// the resulting text now contains a second, DELETE, statement:
// SELECT * FROM customers WHERE username = ''; DELETE FROM customers WHERE 1 or username = ''
echo "Injection: " . $query_evil;

Note that mysql_query() and mysqli::query() both refuse to execute more than one statement per call, so this particular payload only deletes the table where the application runs the string through mysqli::multi_query(). That is no reason to relax: a payload such as ' OR '1'='1 stays inside the single SELECT, needs no stacked statement, and dumps every customer row through any of these functions.

Injection prevention - mysql_real_escape_string()

// NOTE: you must be connected to the database to use this function!
// The escaping rules depend on the connection charset, which is why a live
// connection is required. mysql_real_escape_string() was removed together
// with the mysql extension in PHP 7.0; the replacement is
// mysqli_real_escape_string($db, $value) or $db->real_escape_string($value).
// connect to MySQL
$link = mysql_connect("localhost", "dbuser", "dbpass") or die(mysql_error());

$name_bad = "' OR 1'";

$name_bad = mysql_real_escape_string($name_bad);
// $name_bad is now: \' OR 1\'

$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
echo "Escaped Bad Injection: <br />" . $query_bad . "<br />";


$name_evil = "'; DELETE FROM customers WHERE 1 or username = '";

$name_evil = mysql_real_escape_string($name_evil);
// $name_evil is now: \'; DELETE FROM customers WHERE 1 or username = \'

$query_evil = "SELECT * FROM customers WHERE username = '$name_evil'";
echo "Escaped Evil Injection: <br />" . $query_evil . "<br />";
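Escaping is only a defence inside a quoted string literal, and the quotes section earlier on this page shows the same storage problem from the other side. As an added example that is not code from the original page, the customers lookup is written three ways below and run against a throwaway table: interpolated, escaped, and prepared. It assumes a local MySQL server with a database named "test" reachable as root with an empty password; the customers table is TEMPORARY and its three rows are constructed sample data.

```php
<?php
// Added example, not code from the original page: the "customers" lookup
// written three ways and run against a throwaway TEMPORARY table.
// Assumes a local MySQL server with a database named "test" reachable as
// root with an empty password; the three rows are constructed sample data.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors become exceptions
$db = new mysqli('localhost', 'root', '', 'test');
// real_escape_string() escapes according to the connection charset, so set it
// explicitly; a mismatch between PHP's and the server's idea of the charset is
// the classic way escaping gets bypassed.
$db->set_charset('utf8mb4');

$db->query("CREATE TEMPORARY TABLE customers (id INT PRIMARY KEY, username VARCHAR(64) NOT NULL)");
$db->query("INSERT INTO customers VALUES (1, 'alice'), (2, 'bob'), (3, 'O''Reilly')");

// 1. Interpolation: the vulnerable form shown on the page.
function countVulnerable(mysqli $db, string $id): int
{
    return $db->query("SELECT * FROM customers WHERE id = $id")->num_rows;
}

// 2. Escaping only works inside a quoted string literal. Here the value sits
//    in an unquoted numeric position, there is no quote to break out of, and
//    real_escape_string() leaves the payload untouched.
function countEscaped(mysqli $db, string $id): int
{
    $safe = $db->real_escape_string($id);
    return $db->query("SELECT * FROM customers WHERE id = $safe")->num_rows;
}

// 3. Prepared statement: the value travels separately from the SQL text, so
//    it is data in every context, numeric or string.
function countPrepared(mysqli $db, string $id): int
{
    $stmt = $db->prepare("SELECT * FROM customers WHERE id = ?");
    $stmt->bind_param('s', $id);
    $stmt->execute();
    return $stmt->get_result()->num_rows;
}

// Looking up a value that contains a quote needs no escaping at all.
function findByUsername(mysqli $db, string $name): ?int
{
    $stmt = $db->prepare("SELECT id FROM customers WHERE username = ?");
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    return $row ? (int) $row['id'] : null;
}

$payload = "1 OR 1=1";
printf("interpolated: %d rows\n", countVulnerable($db, $payload)); // 3: the whole table
printf("escaped:      %d rows\n", countEscaped($db, $payload));    // 3: escaping did not help
printf("prepared:     %d rows\n", countPrepared($db, $payload));   // 1: the whole string is one value, which MySQL compares to id as the number 1 (leading digits, with a truncation warning)
printf("O'Reilly is id %d\n", findByUsername($db, "O'Reilly"));    // 3
```

The escaped variant is the one that trips people up: real_escape_string() is doing exactly what it promises, but the value was never inside a string literal, so there was nothing for it to protect. Casting to int before interpolating would close this particular hole, but prepared statements close it for every type and every context at once, which is why they should be the default.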