Newsgroups: php.internals
From: pierre-php@processus.org (Pierre)
To: internals@lists.php.net
Date: Mon, 14 Jun 2021 10:07:04 +0200
Subject: Re: [PHP-DEV] [RFC] is_literal
Message-ID: <429945ed-c328-e3b0-796f-62d7bc1bfe18@processus.org>
In-Reply-To: <5630B850-23F4-4734-B916-D9E181B491AC@newclarity.net>

On 14/06/2021 at 02:41, Mike Schinkel wrote:
> A big *NO* on warnings. Full stop.

Hello,

I agree.
A lot of DBAL / ORM / query builder tools exist and use the mysqli_, pgsql_ or PDO libraries as simple arbitrary SQL executors, and handle the security aspect at a higher level. Any warning raised by the low-level functions would be too restrictive, and in almost all cases a false positive.

Regards,

--
Pierre
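The pattern the message above describes, as an added example that is not part of the thread or of any project mentioned in it: a hypothetical `SelectBuilder` validates identifiers and binds values itself, then hands PDO a SQL string assembled at runtime. It assumes PHP 8 with the pdo_sqlite extension; the table, mapping data and input values are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical minimal query builder, constructed for this example.
final class SelectBuilder
{
    private array $where = [];
    private array $params = [];

    public function __construct(private PDO $pdo, private string $table) {}

    // Identifiers cannot be bound, so the builder validates and quotes them.
    private static function ident(string $name): string
    {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $name)) {
            throw new InvalidArgumentException("Invalid identifier: $name");
        }
        return '"' . $name . '"';
    }

    public function where(string $column, mixed $value): self
    {
        $this->where[] = self::ident($column) . ' = ?';
        $this->params[] = $value; // values are always bound, never inlined
        return $this;
    }

    public function fetchAll(): array
    {
        // Assembled at runtime from mapping data: not a source-code literal,
        // yet no unvalidated input is ever concatenated into it.
        $sql = 'SELECT * FROM ' . self::ident($this->table);
        if ($this->where) {
            $sql .= ' WHERE ' . implode(' AND ', $this->where);
        }
        $stmt = $this->pdo->prepare($sql); // PDO as a plain SQL executor
        $stmt->execute($this->params);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER, name TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");
// Constructed stand-in for ORM metadata loaded at runtime.
$map = json_decode('{"table": "users", "column": "name"}', true);
$q = fn (string $v) => (new SelectBuilder($pdo, $map['table']))->where($map['column'], $v)->fetchAll();
var_dump(count($q('alice')));            // legitimate lookup
var_dump(count($q("alice' OR '1'='1"))); // constructed hostile value, bound as data
```

The injection defence here lives entirely in `ident()` and the bound parameters, which is the layer a check placed on `PDO::prepare()` itself cannot see.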