Ditch or patch ezSQL #1544

@ozh

When I started YOURLS, ezSQL was the de facto MySQL lib to use for coders with a WP background like myself.

Early in the 1.7 dev cycle I built on this and extended the use of ezSQL to offer support for MySQL, MySQLi and PDO, to prepare for MySQL deprecation.

However, some things have changed:

  • we'll now require PHP 5.2+, which will, I think, always include the mysqli and pdo extensions on 100% of hosts, including low-end shared hosting
  • ezSQL doesn't support prepared statements, which would take care of the SQL injection reports (Blind SQLi #1475, Blind-SQL Injection #1531, Blind-SQL Injection via Referrer #1532)
  • I contributed to ezSQL with a few patches recently and realized that its code is not as great as I used to think

So, I think now is the time to reconsider things.

Option 1 would be to patch ezSQL to support prepare methods, for at least one of mysqli or PDO

Option 2 would be to ditch ezSQL altogether:

  • adopt one MySQL extension, either mysqli or pdo (which one?)
  • use a 3rd party library to make things simpler? (which one?)
  • rewrite all functions that deal with SQL

Any thoughts, anyone?
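To make the prepared-statements point concrete, here is an added example (not YOURLS or ezSQL code) contrasting the ezSQL-style call, where the caller builds the finished SQL string and must escape every value, with the PDO form proposed under option 2, where the value is bound separately from the query text. The table and column names, and the `$ydb` method names, are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// ezSQL-style usage: the library only ever sees a finished SQL string, so
// quoting and escaping of request data is the caller's job at every call
// site. One forgotten escape() (or a mis-quoted value) is an injection.
// $ydb is assumed to be an ezSQL-like object with escape() and query().
function log_click_ezsql($ydb, string $table, string $keyword, string $referrer): void
{
    $keyword  = $ydb->escape($keyword);
    $referrer = $ydb->escape($referrer);
    $ydb->query("INSERT INTO `$table` (shorturl, referrer) VALUES ('$keyword', '$referrer')");
}

// PDO prepared statement: the query text and the data travel separately, so
// the value of $referrer can never change the structure of the statement.
// Identifiers (the table name) cannot be bound, so $table must come from
// trusted configuration, never from the request.
function log_click_pdo(PDO $db, string $table, string $keyword, string $referrer): bool
{
    $stmt = $db->prepare(
        "INSERT INTO `$table` (shorturl, referrer) VALUES (:shorturl, :referrer)"
    );
    return $stmt->execute([':shorturl' => $keyword, ':referrer' => $referrer]);
}

// Connection setup. Emulated prepares are turned off so the MySQL server
// itself performs the separation of query text and parameters; the charset
// in the DSN keeps client and server agreeing on encoding.
function connect_pdo(string $host, string $dbname, string $user, string $pass): PDO
{
    $dsn = "mysql:host=$host;dbname=$dbname;charset=utf8mb4";
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

// Example call with untrusted input (connection values are placeholders).
// $db = connect_pdo('localhost', 'yourls', 'DB_USER', 'DB_PASS');
// log_click_pdo($db, 'yourls_log', 'abc', $_SERVER['HTTP_REFERER'] ?? '');
```

The same separation is available with mysqli (`prepare()` / `bind_param()`), so whichever extension is adopted, the SQL-building helpers in the codebase would need rewriting to take parameters rather than pre-quoted strings.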
