Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:108256 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 1561 invoked from network); 27 Jan 2020 03:29:20 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 27 Jan 2020 03:29:20 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 7D5CC1804F3 for ; Sun, 26 Jan 2020 17:39:21 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-0.2 required=5.0 tests=BAYES_40,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS16276 91.121.0.0/16 X-Spam-Virus: No X-Envelope-From: Received: from mail.kd2.org (citrouille.kd2.org [91.121.181.110]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Sun, 26 Jan 2020 17:39:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bohwaz.net; s=mail; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Subject:To:From:Date; bh=ps6PMGPxwapiSZGoBrSPtfI8pVxIqo2ZeCsVos4wO30=; b=svRSGaDAjMKlopbTnMcLYubK2FvI85+/4tkOnSIzrfzrfPy/ctC5IQjRvOIV9DKEoELwCkHChDTslVC1pLRZEa7K8G156S0qM0r41r4i+rTf6r9q5gdXw5JXPG5RtLn/Al3yHTNpWFx+FHYiHMEtFew6j6PbsAJk65drG7cndUM=; Received: from [2a01:e0a:28:d640:62f2:62ff:feee:3dfb] (helo=platypus) by mail.kd2.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1ivtN0-0004h3-JO for internals@lists.php.net; Mon, 27 Jan 2020 02:39:18 +0100 Date: Mon, 27 Jan 2020 02:39:12 +0100 To: PHP internals Message-ID: <20200127023912.1167918b@platypus> X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Authenticated-User: bwz@bohwaz.net X-Authenticator: login X-Invalid-HELO: HELO is no FQDN (contains no dot) (See RFC2821 4.1.1.1) X-Sender-Verify: SUCCEEDED (sender exists & accepts mail) Subject: The future of SQLite3 and PDO/SQLite extensions From: php@bohwaz.net (BohwaZ) Kia ora, As some of you may or may not know, I've been working on improving the state of SQLite support in PHP on my free time in the last few years: https://github.com/php/php-src/pulls?utf8=%E2%9C%93&q=author%3Abohwaz The last one was adding a userland authorizer callback, which should be quite useful to reduce security issues with SQL statements :) I've done a past RFC on getting some of SQLite features in PDO but it didn't get a great success: https://wiki.php.net/rfc/implement_sqlite_openblob_in_pdo I'm coming back on that point: the relationship between SQLite and PDO_SQLite, as I think it is important for moving forward. What is not shown in my pull request history is that I also worked on some other issues on which I gave up as my time and energy ran out and I've come a number of times on issues that were only affecting one or the other extension. The current state of things is that the PDO_SQLite and SQLite3 extensions do differ on some points but are also very similar on others. But the fact is that the code is completely different and for every issue fixed in one, we also need to fix it in the other, or they might have different issues. This is due to the fact that there are in fact two implementations of the SQLite API in PHP. So twice the effort. I don't think that's the best way forward. I think that PDO_SQLite should get the same features as the SQLite3 extension, and the SQLite3 extension should be deprecated and eventually removed and replaced by a userland library that would wrap around the PDO_SQLite API. This means that the BC breaking should be reduced to just installing a new composer package. Ditching the SQLite3 extension would reduce the development efforts and possible bugs I think. It would also make it easier for newcomers as only one API will be available, without having to choose between the two without knowing that some features will be available in one but not the other. Does that seem like a good idea to anyone else? And if that's the way forward, how should I proceed to port SQLite3 features to PDO_SQLite and get that accepted? Cheers, BohwaZ