Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:112695 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 73142 invoked from network); 31 Dec 2020 11:53:41 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 31 Dec 2020 11:53:41 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id A6CF91804C4 for ; Thu, 31 Dec 2020 03:28:35 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail-wr1-f52.google.com (mail-wr1-f52.google.com [209.85.221.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 31 Dec 2020 03:28:34 -0800 (PST) Received: by mail-wr1-f52.google.com with SMTP id d26so19834063wrb.12 for ; Thu, 31 Dec 2020 03:28:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=craigfrancis.co.uk; s=default; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hw00/J+HZEryzBQKZOCFUq05/bvon5RpOWUZqA3ngC8=; b=XW1sLR5mEOEiuZaecWgrLlBl6QM4SGuU21g57UFsrknGz/LIrpk9m9y0UYrR8vNkZS 2q8Bs0utfVHTxQBHU3VOqQKY/Kw03T1vdnXbuUMg3yTDWoVvowPORsNdeOGRFGZjmGzg pokOsTN9nFY2jznxEgQt+OO13K0IZ/Qh60vC4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hw00/J+HZEryzBQKZOCFUq05/bvon5RpOWUZqA3ngC8=; b=UILvIlbiCsDpHBVyWYbs1WxZmry/v5PZ+WK6iZoCBJLjVXfXHXufMT3a1u/ZRI65Ig gfU33juLRza3MtU3vkezvi4VDzC2shU1z/XdlvmNtbCeM908I0qzrEp021iE5iyJDlKk 8z4XerxCaVVVcplt7cO6kq2aKqr0RyTVebWBpxrmFPIIi3sOxaTVWPGQ77jjnD1uCmrm 2GTuJ3mHqSaNC3xiorIbf0KtKf0ekcCqAKuZvZkPpR+LRCw2WUBhtan6UaXUkzPEgSjY u1wx06V9A4k0+t0edBdAclX09KWGrULkJlHRwzjFhJczX/oOr1jnA5eXYyHFZh595YXE 4wJg== X-Gm-Message-State: AOAM531opZ7JrroD58XSIUCPDJ+JI5b3TuyhG8EPs8YlLM7X5jrV0Dkv 4NrZNLSHPgbx1ubgJ/IUpbPRzu7pQNmiedni05bGRg== X-Google-Smtp-Source: ABdhPJyiZQPqbpPylRs05NKm45Tbwjm/pPNUsrtF9ZM8BlAVrlKciSGG8QsmD4lk0uGvLj2v0dogh1dmnes/nXOgtSE= X-Received: by 2002:a5d:4a4e:: with SMTP id v14mr63790771wrs.80.1609414112276; Thu, 31 Dec 2020 03:28:32 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: Date: Thu, 31 Dec 2020 11:28:21 +0000 Message-ID: To: Kamil Tekiela Cc: PHP internals Content-Type: multipart/alternative; boundary="00000000000075807c05b7c0ecbf" Subject: Re: [PHP-DEV] Mysqli improvements From: craig@craigfrancis.co.uk (Craig Francis) --00000000000075807c05b7c0ecbf Content-Type: text/plain; charset="UTF-8" Hi Kamil, I like these proposals, especially error reporting, which I've got caught out with before: https://bugs.php.net/bug.php?id=78932 As to "add bind-in-execute to mysqli", by passing an array of parameters to mysqli_stmt::execute(), this is something I'd really like to see. I just wonder if we could take it a little further, so a query can be executed with parameters with one function/method? which is what I was proposing last week: https://news-web.php.net/php.internals/112618 https://marc.info/?l=php-internals&m=160898181628407 Only because I'd like the "right way" to also be the easiest/fastest way, on the basis that developers just want to get the job done, and the simplest way should be the best way. Today, I still see a lot of this: $name = ($_GET['name'] ?? ''); $sql = 'SELECT * FROM user WHERE name LIKE "' . $name . '"'; $result = $mysqli->query($sql); while ($row = $result->fetch_assoc()) { } Yes, not even using error prone (flawed) escaping - something we can address in "phase 2" :-) I suspect (heavy sarcasm implied) it's because it's so much easier than this monstrosity: $name = ($_GET['name'] ?? ''); $sql = 'SELECT * FROM user WHERE name LIKE ?'; $statement = $mysqli->prepare($sql); $statement->bind_param('s', $name); $statement->execute(); $result = $statement->get_result(); while ($row = $result->fetch_assoc()) { } So I really like how you've avoided the difficult bind_param() method, with it's annoying $types string, and pass-by-reference issue, so it looks a bit more like: $statement = $mysqli->prepare($sql); $statement->execute([$name]); $result = $statement->get_result(); while ($row = $result->fetch_assoc()) { } I really hope you can do this - as it allows the developer to re-issue the prepared statement by calling execute() again. But I'd still like to go a little bit further, so we can get $result in a single function/method call, like the original (flawed) approach: $result = $mysqli->execute($sql, [$name]); while ($row = $result->fetch_assoc()) { } Craig On Wed, 30 Dec 2020 at 18:33, Kamil Tekiela wrote: > Hi Internals, > > I would like to start a discussion about possible improvements to the > mysqli API. I have written an RFC which explains all my ideas. > > https://wiki.php.net/rfc/improve_mysqli > > As the RFC is nothing more than a concept at the moment I am looking > for some feedback. I attempted to implement some of the changes myself > but due to my limited experience with C and PHP internals I didn't get > far. I would appreciate if some volunteer would like to help me to > implement the changes once they are ironed out. > > I understand that the RFC will need to be split up before voting. > > Kind regards, > Kamil Tekiela > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > > --00000000000075807c05b7c0ecbf--