Newsgroups: php.internals
To: internals@lists.php.net
References: <499c2591-fb11-1b9d-d402-39f7ec1c6b85@themad.com.au> <6EC89E9A-035D-4D2B-97D7-845DC4FF3E32@koalephant.com>
Message-ID: <347e565f-f90a-5fc6-efcf-e28856ad00dc@gmail.com>
Date: Sat, 27 Feb 2021 14:39:47 +0000
Subject: Re: [PHP-DEV] PDO integer changes in 8.1 will stop many websites I support
From: rowan.collins@gmail.com (Rowan Tommins)

On 27/02/2021 14:03, Pierre wrote:
> I'm curious, why are you stating that emulated prepares are not useful
> anymore?

Emulated prepares are a slightly dangerous idea, because they give the impression of separating query from data, but actually use string escaping internally. Historically, I believe there were previously scenarios where real prepared queries were not available, which no longer apply.

> Using the prepare() function as I remember correctly seems to be the
> only way to execute a query that allows you to pass an array of
> parameters instead of having to call PDOStatement::bindParam() for
> each parameter.

Regardless of whether you use emulated or real prepares, the PDOStatement's execute method can be called with an array of parameters, and as far as I know always could.

> That's the only reason I use emulated prepares anyway, it allows to
> use this API without actually preparing the queries, which is what I
> want most of the time.

This is a slightly different point: when running a query once, it seems to currently require two database round trips: one to prepare, and one to execute.

I don't know what the underlying drivers support here, but it would be useful to have a method on the PDO object itself that let you provide a parameterised string and its data in one go. That would be safer than using emulated prepares, and (hopefully) more efficient than using real prepares.

Regards,

-- 
Rowan Tommins
[IMSoP]
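
The distinction drawn in the message above, as an added example that is not part of the original post and is not PDO's own code: a simplified model of client-side parameter substitution next to a native prepared statement, both fed the same parameter array. The helper `emulate_prepare()`, the `users` table and its rows are hypothetical and constructed for the illustration; in-memory SQLite is assumed so the script runs without a database server.

```php
<?php
// Added illustration, not PDO's source. In-memory SQLite keeps it offline;
// the table and its rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('o''brien')");

// Hypothetical helper: builds the final SQL text the way an emulating client
// does, by escaping each value and splicing it into the query string.
// Simplified: :named placeholders only, no skipping of literals or comments.
function emulate_prepare(PDO $pdo, string $sql, array $params): string
{
    $splice = function (array $m) use ($pdo, $params): string {
        if (!array_key_exists($m[1], $params)) {
            throw new InvalidArgumentException("missing parameter :{$m[1]}");
        }
        $value = $params[$m[1]];
        if ($value === null) {
            return 'NULL';
        }
        if (is_int($value)) {
            return (string) $value;
        }
        // Safety rests entirely on this escaping being right for the connection.
        return $pdo->quote((string) $value);
    };
    return preg_replace_callback('/:([A-Za-z_][A-Za-z0-9_]*)/', $splice, $sql);
}

$sql    = 'SELECT id, name FROM users WHERE name = :name';
$params = ['name' => "o'brien"];

// Emulated path: the engine is handed one string with the data already in it.
$flattened = emulate_prepare($pdo, $sql, $params);
echo "Sent when emulating: $flattened\n";
$viaEmulation = $pdo->query($flattened)->fetchAll(PDO::FETCH_ASSOC);

// Native path: the SQL text keeps its placeholder and the values are bound
// separately. execute() takes the array directly, with no bindParam() calls.
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
echo "Sent when preparing: {$stmt->queryString}\n";
$viaNative = $stmt->fetchAll(PDO::FETCH_ASSOC);

// Compare the rows returned by the two paths.
var_dump($viaEmulation === $viaNative);
```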