Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:106129
Return-Path: <php@beccati.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 66928 invoked from network); 2 Jul 2019 21:04:23 -0000
Received: from unknown (HELO box.beccati.com) (176.9.123.236)
  by pb1.pair.com with SMTP; 2 Jul 2019 21:04:23 -0000
Received: from authenticated-user (box.beccati.com [176.9.123.236])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by box.beccati.com (Postfix) with ESMTPSA id CDC57200312;
	Tue,  2 Jul 2019 20:22:19 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=beccati.com; s=mail;
	t=1562091739; bh=rAkRNmysDI+yRaM7+4de/PcMOQmkFTNY2v6yeW5A2r4=;
	h=Subject:To:Cc:References:From:Date:In-Reply-To:From;
	b=jYCXVccN8LAH7CbPegT8zqdcmm3iv3eiIGMW8t0edca1nOTUOrF0PE0fSaiUNxmci
	 41XTzP4hQbzn5VWHsqu1km+HxfUcSctFVQFkomrgVFrz5V+1F+i7VCOwjUNQ7kS2mY
	 odFn5KecWFZ94dMsuAKL+Y/WEBJZ8K3kEhEBH66Ji6dFhd/GHWN0cjsIN1U8KkN9+d
	 BrgNFGqlO4VFG9Awu62ZbyKaJSbPRRuVI4cjCciCugwyWs5ZuoNMMOP0ZVysPajqQo
	 J5kzldW+/bmcnyJrVg+vdN4nNiBDzpb+k/rywLSSIhQboMljZCU6Mxxeo8uRAixurH
	 H1Cr3j+Fz5ucA==
To: Nikita Popov <nikita.ppv@gmail.com>
Cc: PHP internals <internals@lists.php.net>
References: <e0af1d39-9468-f845-6784-4308a4c8a201@beccati.com>
 <CAF+90c_nK=R=FDgX_xS388xsZJQ1UfANC61Fb7joyeCY9i-+rQ@mail.gmail.com>
Message-ID: <e1f365d3-b055-57dd-d895-ffcc0a78c895@beccati.com>
Date: Tue, 2 Jul 2019 20:22:15 +0200
MIME-Version: 1.0
In-Reply-To: <CAF+90c_nK=R=FDgX_xS388xsZJQ1UfANC61Fb7joyeCY9i-+rQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-GB
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] [RFC] Escape PDO "?" parameter placeholder
From: php@beccati.com (Matteo Beccati)

Hi Nikita,

On 02/07/2019 15:07, Nikita Popov wrote:
> Friendly reminder that this RFC needs to go into voting until Monday
> (preferably earlier) to make it into 7.4.

Thanks! Without the reminder, I would probably have missed it.

> Here's my feedback:
> 
>  * I would prefer to make escaping not driver-sensitive, as the current
> implementation is. Whether ?? is interpreted as a single ? or ?? should not
> depend on the driver.

Most of the feedback I had was quite the opposite (fear of desruption in
the other drivers). In fact in the latest iteration, I went for PDO API
setting, that lets the driver decide whether or not to enable the
feature, which means only pdo_pgsql would be affected:

https://github.com/mbeccati/php-src/commit/b8a9703b805e0dffd618823656c8610777efdc3e

>  * I would prefer to use \? instead of ?? for escaping. The former is much
> more easily understood by a PHP developer and has less chance of clashing
> with operators (PHP itself has a ?? operator, it's not so absurd to think
> that it also exists elsewhere). The RFC argues against this because it
> makes writing a literal \? harder (which would be \\\\?), but I think that
> a) the need for a literal \? seems rather rare and b) double-escaping is
> already a well-understood problem for anyone who ever used regular
> expressions.

Fair enough. Tbh, I have no strong preference... Would "\?" require also
implementing escape of the escape? Would that require some re2c magic?


Cheers
-- 
Matteo Beccati

Development & Consulting - http://www.beccati.com/