Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:106125
Return-Path: <nikita.ppv@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 11921 invoked from network); 2 Jul 2019 15:49:53 -0000
Received: from unknown (HELO mail-lj1-f179.google.com) (209.85.208.179)
  by pb1.pair.com with SMTP; 2 Jul 2019 15:49:53 -0000
Received: by mail-lj1-f179.google.com with SMTP id 131so16810097ljf.4
        for <internals@lists.php.net>; Tue, 02 Jul 2019 06:07:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=jDkH9LXbC9StaACmBgMsmI39M2dhKsZhXfblBVNak8k=;
        b=CX1T4M/Po8X5FlV+PRP1o/TDmw0VfgrBLE/Wdq40MCy7KRo1MhQPDGZroyrGG9oIMZ
         KhkIA+A345OlS2fZyEZyseb0OpmZz1ZRnQy5Sckg9IUtqPBPKqAskS9OECiZhb6ypMrS
         3QJ9RkIm0/oh2slgZiXFiRs/jge1uxLcwZSIAzobAJO2Ou2Wx71trVdhoSKSe5FPnx91
         njlnwVx/PNOffgC/0kXTIF3igNynd9mZb/DinviHEtcxK44eidVqOcvs03xEavd9glbJ
         3/wxhNCjmTfa5R6LYu+beFazSzR5E+l2LhXFzPWN9kXnlkBR0yUgJijcMc/FQYQnryB/
         /+Gw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=jDkH9LXbC9StaACmBgMsmI39M2dhKsZhXfblBVNak8k=;
        b=VAPr2HoP/TLmurUCmpyc6sQscOnBkIHO6rmVTMn0hUI8B275ofbPAxYGh/iHir30YA
         uLHoJMBLlT/P8rCAQqi5+vwAXdWbaE/5SsdEArT4AGee8y2sPBMboQqL64BzxwT9ud1e
         1rrDvz8HT9p9vxs0Eqt1D9UX8+wrX2WnaEOhoam7CH8nY7zERyzi5KekjRXrSJostoL1
         NXt74dNqMQgYFTZ1QLLXtjwOuMOZgay2Z/wGa6DB0msNUwnC+fNCBxSWaf3H//BpqIVp
         qhpWMht1fwOeXeJJhym0RtCJGlDmTNWoi8vWiLtZOifFP5UGyM6yCw1NZsARdgxKLsC2
         OPCA==
X-Gm-Message-State: APjAAAUzMeVMi5zKlQss9kFToAFB9iZp3q/qOL/NG/T+dw9vcFhk2+zj
	QpxuwaviFz28KgPASjLGpK4e5M2lGTeHhOMH9T1z7/DYCjk=
X-Google-Smtp-Source: APXvYqxUYspHoT6hAuV7Qm4CTXbjiuMW6LYTwqoYoCVoonnnWM6AhhztjgQZB2+2n0cTS5GAs3fMtEvua70Uy01D7aA=
X-Received: by 2002:a2e:9685:: with SMTP id q5mr16796582lji.227.1562072866453;
 Tue, 02 Jul 2019 06:07:46 -0700 (PDT)
MIME-Version: 1.0
References: <e0af1d39-9468-f845-6784-4308a4c8a201@beccati.com>
In-Reply-To: <e0af1d39-9468-f845-6784-4308a4c8a201@beccati.com>
Date: Tue, 2 Jul 2019 15:07:30 +0200
Message-ID: <CAF+90c_nK=R=FDgX_xS388xsZJQ1UfANC61Fb7joyeCY9i-+rQ@mail.gmail.com>
To: Matteo Beccati <php@beccati.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="000000000000517fce058cb26ef7"
Subject: Re: [PHP-DEV] [RFC] Escape PDO "?" parameter placeholder
From: nikita.ppv@gmail.com (Nikita Popov)

--000000000000517fce058cb26ef7
Content-Type: text/plain; charset="UTF-8"

On Fri, May 31, 2019 at 1:27 PM Matteo Beccati <php@beccati.com> wrote:

> Hi everyone,
>
> following some recent unrest in the comments of the related PR, I've
> decided to invest a bit of time on it and finally move it to draft status:
>
> https://wiki.php.net/rfc/pdo_escape_placeholders
>
> The PR is currently closed, but I will soon rebase and update it.
>
> Any feedback kindly accepted!
>

Friendly reminder that this RFC needs to go into voting until Monday
(preferably earlier) to make it into 7.4.

Here's my feedback:

 * I would prefer to make escaping not driver-sensitive, as the current
implementation is. Whether ?? is interpreted as a single ? or ?? should not
depend on the driver.
 * I would prefer to use \? instead of ?? for escaping. The former is much
more easily understood by a PHP developer and has less chance of clashing
with operators (PHP itself has a ?? operator, it's not so absurd to think
that it also exists elsewhere). The RFC argues against this because it
makes writing a literal \? harder (which would be \\\\?), but I think that
a) the need for a literal \? seems rather rare and b) double-escaping is
already a well-understood problem for anyone who ever used regular
expressions.

Regards,
Nikita

--000000000000517fce058cb26ef7--