Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:113312
Return-Path: <tekiela246@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 68839 invoked from network); 27 Feb 2021 18:40:24 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 27 Feb 2021 18:40:24 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id B087418050B
	for <internals@lists.php.net>; Sat, 27 Feb 2021 10:29:57 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=0.1 required=5.0 tests=BAYES_40,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT,
	FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,
	RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS autolearn=no
	autolearn_force=no version=3.4.2
X-Spam-Virus: No
X-Envelope-From: <tekiela246@gmail.com>
Received: from mail-ej1-f42.google.com (mail-ej1-f42.google.com [209.85.218.42])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Sat, 27 Feb 2021 10:29:57 -0800 (PST)
Received: by mail-ej1-f42.google.com with SMTP id bm21so1670904ejb.4
        for <internals@lists.php.net>; Sat, 27 Feb 2021 10:29:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=eKWYZepCgl6w59IO2mOLWmjVtQ8zrJxa6TjM1XAREYM=;
        b=nYpZvPANLvsqq49uXuMYoCFF2Y3mnWgmowVTylZbjMXk5zcq7Bn+Nqx6Rat++c4sSb
         Ne2854DN27FMMhFbr0cVCkQZURabSzi+uXHh0xmbcHtMKMFF/O6jtHw/yZLSuWr98OKS
         lOPvEFMgHQbKgAWYo+O9SPm0suB3yCvObbQSeGMV1T6+QC7Tjv2cUty7qoV5kxZM3854
         GbxMvQeCG9OTBE5BqitXpKS5pKO1+6MrhH1YXw84GSZ2nExHE3tTaYG0zcFo9v6Kiad2
         Z70WeOK3ZkfxVnfEAtOJ+ey0tjPhv0apCOFubseNUG4VO76MeCSAYhKxHpUTytGBFlOU
         i28w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=eKWYZepCgl6w59IO2mOLWmjVtQ8zrJxa6TjM1XAREYM=;
        b=h43mjJrfmw4YTWBRlPw2+1BDAmfdDy6Nb3EgT4G0LVRFpW1QoYzini0VRUIa+3JRK+
         TBrkYsAC8pcs6h4b23+25KnxZUwgwdiQ76oj1DIwCZcg6Q857C9wWKN/CYfqop5EtW++
         gERIdXcorfQMf4IBCAZ0gHHHiIt7grWGxGso3TuNuQ1/jCouMsIi1HTp0lRU7pTLo/A2
         stA2A4vqPzSJY1aVacrj6iQWmO6pIC487IlCw67Yni7UojeqvNX3rKjKtOkVhO7Tg5FJ
         HNVSj1F7JtC7dzqbTbmcEDV5mKu4rdfyDZJr26UvTCuju8Xs+ZFzE2rtysRb22ns04ND
         oTnQ==
X-Gm-Message-State: AOAM531sT8RTF0yowCUZpEz/UKiT1MgdczvcEN0OcN8mSTX8O2UkT8hg
	KQo7Fh7IUfvzCoHyb99Ymnzkt5Q2iRzeoyXRfSc=
X-Google-Smtp-Source: ABdhPJzeXpy8CP0iukbrRDRYAaCGlYd/hiN9BuL+i+ZXj/WEf2A8qQ0cv2XdP1TXNN4TPrVEmCQtsuvqCGZ3llshetc=
X-Received: by 2002:a17:906:38a:: with SMTP id b10mr8996383eja.438.1614450594468;
 Sat, 27 Feb 2021 10:29:54 -0800 (PST)
MIME-Version: 1.0
References: <CAGBsUrddzJQu3JtqCdLjyHOBf71gj5LpNKuV=OmYGm0Vd3n9Yw@mail.gmail.com>
 <CAF+90c8GDMs5f0i27n8gGNx_TvwqKH9CqsW8eSgEf+8mGrdyZA@mail.gmail.com>
 <84a86f15-313e-1fb3-eb09-7fd6bbdeb5ce@php.net> <821813eb972cd5dad30a0e10385a115a9a8908a2.camel@schlueters.de>
 <CAGBsUrfF5Xk+ne6fo46EivKN82OQeM=0yAcPe5r2y9-ZgPEYrw@mail.gmail.com>
 <2d9e003c-2a05-9cfa-8625-5aedf5b069f6@gmail.com> <CAGBsUrf2CNq33sQ1HLCAkzT+P1BaykYPfmf4Wsx0MZNtZUz+MQ@mail.gmail.com>
 <445707c1-2b67-1f46-8d93-d9e0ca420b87@gmail.com> <CAGBsUrdiBXDGg9ibbLyxcMobvohRev3SPi_doFMTp=dELOnKMw@mail.gmail.com>
In-Reply-To: <CAGBsUrdiBXDGg9ibbLyxcMobvohRev3SPi_doFMTp=dELOnKMw@mail.gmail.com>
Date: Sat, 27 Feb 2021 18:29:43 +0000
Message-ID: <CAGBsUreg5PPDev3v1vMMb-EUd85xdNSNcASBDm83nvkoHUJp2A@mail.gmail.com>
To: Rowan Tommins <rowan.collins@gmail.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="00000000000030d70b05bc559280"
Subject: Re: [PHP-DEV] [RFC]: Change Default mysqli Error Mode
From: tekiela246@gmail.com (Kamil Tekiela)

--00000000000030d70b05bc559280
Content-Type: text/plain; charset="UTF-8"

> The code shown here https://www.w3schools.com/php/func_mysqli_connect.asp is
relatively correct at the moment. Maybe not nice, but it handles the error.
That is the second hit on google (after php.net manual) when searching for
"php tutorial mysqli_conect") Most other books, tutorials, ... teach the
same.

w3schools is hardly something that should be regarded as a reputable source
of information and should not impact the direction PHP is heading in.
This problem comes mostly from the fact that the developers who wrote these
tutorials were unaware that there is automatic error reporting available.
PHP manual didn't explain this either. This RFC proposes to change that by
making it the default so that people can't miss it.
The reason why I really want this default setting to change is that I was
lied to by books and tutorials when I was learning PHP. I wish I knew about
automatic error reporting instead of struggling with invisible SQL errors.
I still hold a grudge against the tutorials teaching me manual error
checking or the use of real_escape_string. I do not want new developers in
the era of PHP 8 to suffer the same pain I did.

> Spend a day looking at stackoverflow and you see a different world. Also
many users just want to use a PHP app and don't care about PHP.

Yes, but once again the problem is the old tutorials that teach it
incorrectly. Most of them still are vulnerable to SQL injection. We can't
change the tutorials but we can change the recommended setting in PHP.

> In 8.1 add deprecation notices to mysqli_connect & friends AND to access
to the connection_error (if I remember right that goes via the __get hook,
thus we can add a deprecation note to a "property" access)
> The later is a good place as many people use the @ operator on the
connect, but not on the error check.
> In a later version we change it.
> That gives a chance to reach users. We will still miss many, but for a
notable amount of people there is a chance.

I believe Nikita has proposed it already. I am not very happy about it as
this would mostly go unnoticed. People who have mysqli error reporting
silenced often have every other error reporting silenced too including
deprecation notices. Adding such deprecation notice would just create
another confusing PHP error that developers would have to fix. I am sorry
to say this about my fellow developers but many of the ones that you are
targeting with this proposal who wouldn't read an upgrade guide before
upgrading, are also the ones who would ignore this deprecation warning in
their error logs. "Hey, the code still works, I don't know what this
deprecation notice is talking about!"
For these reasons, I am unwilling to go through a deprecation phase. I
believe it would be just a waste of time. But if this is the only way that
this change will land in PHP then I would also accept it as a very
unsatisfying compromise.

>

--00000000000030d70b05bc559280--