Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:105814 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 2337 invoked from network); 1 Jun 2019 09:35:58 -0000 Received: from unknown (HELO box.beccati.com) (176.9.123.236) by pb1.pair.com with SMTP; 1 Jun 2019 09:35:58 -0000 Received: from authenticated-user (box.beccati.com [176.9.123.236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by box.beccati.com (Postfix) with ESMTPSA id 174B920030D; Sat, 1 Jun 2019 08:46:02 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=beccati.com; s=mail; t=1559371563; bh=EnRQTSxuJaoq5lM04xnvMhN61e6Nd75sydoB6issNTU=; h=Subject:To:References:From:Date:In-Reply-To:From; b=UdlJDZCCz1aQ1zFBmgiDHjTFdyAGxQ+L8zvORuY8TGjDn1Xzg6a+8hL9uU040Vtne ex2eKiF/05WKS3l9qi/EKgU1yNkTXXnOSgEbiNqM6gNZeC36XLrkqo1eeHnDa5ZlMa 10p4oKDSgcppx2ZIEY8YBH+BY9fv4+ifDmKQi++LlPzb6dypiV+DaqtSv+FW34jbWG xtzpDQsL6Aag46ypYslYIypcUe75ey+Pr0G2bYVwqcrWNJsYxu/oc+ApNmlg7M+TK2 uirrQC5wWcnnrFGeXH3+4B8XNKv1bsAcWE7+MbUZ6EsTiQLxjLJAkrAYIMai5BOCBH gZwXOAezTNGDg== To: Rowan Collins , PHP internals References: Message-ID: <7bf38bca-c357-66a0-7fe9-8b4ecd76b9cc@beccati.com> Date: Sat, 1 Jun 2019 08:46:01 +0200 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: 8bit Subject: Re: [PHP-DEV] [RFC] Escape PDO "?" parameter placeholder From: php@beccati.com (Matteo Beccati) Hi Rowan, On 31/05/2019 18:18, Rowan Collins wrote: > This sounds like a very useful change. As you say in the RFC, these > operators are going to be more and more common for Postgres users now that > they've been defined for JSON types, and users of most other DBMSes will be > completely unaffected. Thanks, the patch is been sitting on my HD since a few years now. Mostly no one complained about the geometric operators containing a "?", but for JSON I guess it's already a bit too late. > I wonder if there's any way we can gauge the BC impact, specifically this > case: > >> The only exception to that is that Postgres (and possibly other RDMSs) > allows the creation of custom operators: anyone having a custom “??” > operator in use would need to escape it as “????”. > - Are there any standard or public Postgres extensions that define a "??" > operator? e.g. anything published on https://pgxn.org/ I couldn't find anything, but I can try and ask on the postgres mailing lists. > - Are there any other databases supported by PDO that allow custom > operators, or which might have a "??" operator or syntax token? Not that I know of. Researching that hasn't been easy, but it seems that most of the databases use "?" for positional parameters in prepared queries. Any additional help would be appreciated. > If there is a risk of this affecting a reasonable number of people, we > could add a deprecation notice on encountering "??" in any SQL string in > 7.4, and postpone adding the escaping mechanism until 8.0. Nice catch. I thought one couldn't have "??" but it seems the parser currently doesn't allow two consecutive positional parameter question marks and "??" was sent as-is. I'll try doing more research on the topic. > One other thing worth clarifying is the precise circumstances where ?? will > be treated as an escape. Is it only when it's a separate "word" (start/end > of string or surrounded by whitespace)? For instance, would "A ??= B" be > "unescaped" to "A ?= B" or passed through as is? Note that this changes the > scope of the BC break, as well as the usability of the chosen syntax, as > both "?=" and "??=" could be defined as operators. No word boundaries involved. Any occurrence of "??" outside comments will be translated into "?", so that operators containing the "?" ("A ?| B", "A ?& B") can be used. If one had defined both "?=" and "??=", they would need to be escaped in PDO as "??=" and "????=". Cheers -- Matteo Beccati Development & Consulting - http://www.beccati.com/