Despite of whatever theoretical difference, none of these functions should be used anyway - so, there is nothing to concern of.
The only reason of using PDO is support for prepared statements, but none of these functions offers it. So, they shouldn't be used.
Use prepare()/execute()
instead, especially for UPDATE,INSERT,DELETE statements.
Please note that although prepared statements are widely advertised as a security measure, it is only to attract people's attention. But their real purpose is proper query formatting. Which gives you security too - as properly formatted query cannot be injected as well - just as side effect. But again - formatting is a primary goal, just because even innocent data may cause a query error if not formatted properly.
EDIT:
Please note that execute()
returns only TRUE
or FALSE
to indicate success of the operation. For other information, such as the number of records affected by an UPDATE
, methods such as rowCount()
are provided. See the docs.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…