Newsgroups: php.internals
From: php-lists@koalephant.com (Stephen Reay)
To: Craig Francis
Cc: Scott Arciszewski, Bruce Weirdan, Larry Garfield, php internals
Date: Thu, 24 Jun 2021 17:35:46 +0700
Subject: Re: [PHP-DEV] [RFC] Name issue - is_literal/is_trusted

> On 24 Jun 2021, at 17:16, Craig Francis wrote:
>
> On Thu, 24 Jun 2021 at 10:55, Stephen Reay wrote:
>
>> but still I have to keep asking: Why integers at all?
>>
>
>
> While I'm not a fan of this approach, there is a lot of existing code and
> tutorials that use:
>
> $sql = 'WHERE id IN (' . implode(',', array_map('intval', $ids)) . ')';
>
> $sql = sprintf('SELECT * FROM table WHERE id = %d;', intval($id));
>
> Craig

Yeah you’ve said this about a dozen times now. Parameterisation exists. Query builders that do this already using parameterisation, exist.
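
Added example, not part of the original message or of the RFC: one way the quoted `IN (...)` query can be written with bound parameters in PDO, so the SQL text is built only from literal fragments. The table `items`, the helper `fetchByIds`, the in-memory SQLite database and the sample data are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database
// (assumption: the pdo_sqlite extension is available).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO items (id, name) VALUES (1, 'a'), (2, 'b'), (3, 'c')");

/**
 * Hypothetical helper: fetch the rows whose id is in $ids, binding every value.
 */
function fetchByIds(PDO $pdo, array $ids): array
{
    if ($ids === []) {
        return []; // "IN ()" is a syntax error in most databases, so short-circuit
    }

    // The SQL string contains one "?" per value and nothing derived from input.
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $pdo->prepare(
        "SELECT id, name FROM items WHERE id IN ($placeholders) ORDER BY id"
    );

    foreach (array_values($ids) as $i => $id) {
        // Reject anything that is not an integer instead of silently truncating it.
        $int = filter_var($id, FILTER_VALIDATE_INT);
        if ($int === false) {
            throw new InvalidArgumentException('id is not an integer');
        }
        $stmt->bindValue($i + 1, $int, PDO::PARAM_INT); // placeholders are 1-indexed
    }

    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request-style input: numeric strings, as they arrive from $_GET.
print_r(fetchByIds($pdo, ['1', '3']));

// Constructed hostile input: rejected before any query is executed.
try {
    fetchByIds($pdo, ['1', '2 OR 1=1']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```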