Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:112623
Return-Path: <craig@craigfrancis.co.uk>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 59103 invoked from network); 26 Dec 2020 17:55:41 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 26 Dec 2020 17:55:41 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 0549D1804BE
	for <internals@lists.php.net>; Sat, 26 Dec 2020 09:29:26 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no
	autolearn_force=no version=3.4.2
X-Spam-Virus: No
X-Envelope-From: <craig@craigfrancis.co.uk>
Received: from mail-wr1-f41.google.com (mail-wr1-f41.google.com [209.85.221.41])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Sat, 26 Dec 2020 09:29:25 -0800 (PST)
Received: by mail-wr1-f41.google.com with SMTP id i9so6648925wrc.4
        for <internals@lists.php.net>; Sat, 26 Dec 2020 09:29:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=craigfrancis.co.uk; s=default;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=WFx2Md+7xgoH6PB6WYvBmYJy9Q3/x7pHz8LGDX1v1DA=;
        b=Z+8N3nPGIygfddKV0FWgXo2dbxuVKNe2GdmNg/Y1oU33zIlk6BsE5PsHKsGMJ46+Si
         J7/epMOvduDAxBWGt+JQNvLygfL6xXNHUEt66N5aXtiaBbRmI38xBcGnVJ3mBEoKWGXR
         rIurd0FA4oHyhyASpkxhnjNgDgcW7EEh2qoCY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=WFx2Md+7xgoH6PB6WYvBmYJy9Q3/x7pHz8LGDX1v1DA=;
        b=sT2JUyzem9q0uczQyBC/alLb7YFrxtyHezLQV6vfGNZP0BaDG/nxhvaqVdVsnw2eim
         2WoRUxUcfVzXL8X9PWSE4RW4EV+sKG/oB7m22oZbAxlU36A1Icm79OwI+uU4cts5EKpn
         0PbItkCK5Y4sRIlGSEDFcwhiYh6pIs2fEbPV75fUk6Kc06h1M/Z7gsdwjlnTiDjLrLMH
         d3SmlCp2e1j6fb6Rr+ZS3hhbNKLS7bWCmneDpQkDdXgKZTgpMklRKqfmvAy+6y2bwvOz
         PZftpNXJ1XZgJmJVPzKR1hVwxeN8E11+7ZMVFK+ReqWKQn0T8fv2QkahVgEeXb7p6qsV
         EI7w==
X-Gm-Message-State: AOAM530cLaxqfTnobjuiPbVy1jFV92+SsK4eDPMlp/1zmOUcWEmkk8AW
	HY80ik0/9sfXvwIY8fmO4UUTa6RX0i/fpgFkIde3qA==
X-Google-Smtp-Source: ABdhPJxZ55d1XDdQ4uwd+Xkzp2zG0FAY9twbnBleTWLpYF1H5oG8Q/OIbmoYyGwF2OiItZBtNyBSTI75mh/ri6HRiig=
X-Received: by 2002:a05:6000:4b:: with SMTP id k11mr43618494wrx.76.1609003763995;
 Sat, 26 Dec 2020 09:29:23 -0800 (PST)
MIME-Version: 1.0
References: <CAFv4g+G9k1vdi3F1Aj=UDK48dRBP6nZpSs4-aR36fUPR-8RLXw@mail.gmail.com>
 <CAGBsUrdtubTRfVtzn1-4RAXyL3AKqPwQyBj0gY4Xxqza3+h4dg@mail.gmail.com> <CAKtGGAtTDzq3YRY4z9Q59i5KJr4ZuFF94EN2fcnetHaEsb0BmA@mail.gmail.com>
In-Reply-To: <CAKtGGAtTDzq3YRY4z9Q59i5KJr4ZuFF94EN2fcnetHaEsb0BmA@mail.gmail.com>
Date: Sat, 26 Dec 2020 17:29:13 +0000
Message-ID: <CAFv4g+EmSVTw+ayaiGKExuhdz6Rtzd702R4Za5qsXEerSxF55w@mail.gmail.com>
To: Aran Reeks <cdtreeks@gmail.com>
Cc: Kamil Tekiela <tekiela246@gmail.com>, PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="000000000000cba75b05b761615c"
Subject: Re: [PHP-DEV] Making mysqli easier to use with parameterised queries
From: craig@craigfrancis.co.uk (Craig Francis)

--000000000000cba75b05b761615c
Content-Type: text/plain; charset="UTF-8"

Hi Aran,

I'll need someone else to comment, but I don't think the underlying MySQL
libraries support named parameters, so that would be a bigger change (and
probably should be under its own RFC).

Maybe one day, but for now, I'd simply use PDO, which has its own qwerks
(like emulated prepared statements).

Craig



On Sat, 26 Dec 2020 at 15:44, Aran Reeks <cdtreeks@gmail.com> wrote:

> Hi Craig,
>
> An interesting proposal, I'd love to see mysqli improved further with
> support for named parameters (like is possible with PDO), if this was being
> addressed.
>
> It's a common problem when refactoring that the order of parameters can be
> confused, something that's easily solved with named parameters.
>
> Thought welcome.
>
>
>
> On Sat, 26 Dec 2020, 15:14 Kamil Tekiela, <tekiela246@gmail.com> wrote:
>
>> Hi Craig,
>>
>> This is a great proposal, and I am delighted that someone is still
>> interested in mysqli and wants to improve it. I will discuss the
>> proposal below, but first some notes about the RFC itself:
>> 1. mysqli_execute() is not deprecated despite what the PHP manual said
>> for the past 14 years. It is just an alias of mysqli_stmt_execute().
>> It's beyond me why we even have a separate page in the manual for that
>> alias. The mysqli documentation is in such a bad state that there are
>> lies/problems pretty much on every page.
>> 2. Introducing mysqli::execute() would be a great idea, but the name
>> would be terribly confusing with mysqli_stmt::execute(). We need a
>> better name.
>> 3. Please use syntax highlighting. I have already added that for you.
>>
>> I like the proposal, and I think that having a shorthand notation for
>> prepared statement for one-time execution is a brilliant idea. The
>> implementation would not be too difficult, but it would obviously work
>> with mysqlnd only. This in itself is a problem. Ideally, we should
>> drop support for libmysql client but apparently some people think it
>> is still useful. We could emulate the same for libmysql but that would
>> make the implementation more complex.
>> Your implementation example in PHP has a major problem. The binding
>> types should never be guessed based on the value. The type is
>> specified by the column definition. Guessing the type will lead to
>> very undesirable behaviour. 99.99% of the time the values should be
>> bound as strings. If an explicit type cast needs to be performed by
>> mysqli then the long-way can be used instead.
>> Also, rather than binding the variables by reference explicitely, you
>> can use splat operator. This makes the implementation in PHP much
>> simpler:
>>
>> class mysqli_rfc extends mysqli {
>>     function execute($sql, $parameters = []) {
>> // Preparing...
>>         $statement = $this->prepare($sql);
>> // Binding...
>>         if ($parameters) {
>>             $statement->bind_param(str_repeat("s",
>> count($parameters)), ...$parameters);
>>         }
>> // Executing...
>>         $statement->execute();
>>
>> // Fetching mysqli_result or null (only with mysqlnd)
>>         return $statement->get_result();
>>     }
>> }
>>
>> In C code, this could be easily achieved by creating a function that
>> is just a mash-up of all 4 of these functions. I think this would
>> definitely be a nice addition to mysqli, even though I doubt that it
>> will improve the state of mysqli code written by people. After all, we
>> can't force them to use parameter binding.
>>
>> Regards,
>> Kamil
>>
>> On Sat, 26 Dec 2020 at 11:23, Craig Francis <craig@craigfrancis.co.uk>
>> wrote:
>> >
>> > Hi,
>> >
>> > Could the mysqli extension be tweaked to make parameterised queries
>> easier?
>> >
>> > I've started an RFC at:
>> >
>> > https://wiki.php.net/rfc/mysqli_execute_parameters
>> >
>> > I'm going on the basis that some developers use mysqli directly, often
>> > because they want a small stand-alone script that has no dependencies,
>> and
>> > the current mysqli extension doesn't exactly help them make the right
>> > choices.
>> >
>> > Craig
>>
>> --
>> PHP Internals - PHP Runtime Development Mailing List
>> To unsubscribe, visit: https://www.php.net/unsub.php
>>
>>

--000000000000cba75b05b761615c--