Newsgroups: php.internals
Message-ID: <1804F385-5BB5-4614-8EB3-01042DCF0DD3@craigfrancis.co.uk>
Date: Mon, 25 Apr 2022 12:05:26 +0100
Cc: PHP internals
To: Guilliam Xavier
Subject: Re: [PHP-DEV] MySQLi Execute Query RFC
From: craig@craigfrancis.co.uk (Craig Francis)

On 22 Apr 2022, at 13:09, Guilliam Xavier wrote:
> > https://wiki.php.net/rfc/mysqli_execute_query
>
> Thanks. Maybe add (or even start with) an example of mysqli_query(), to show how "migrating to safer" would become easier? retro-fitting your example of parameterised query:

Thanks Guilliam, that's a good idea.

To keep it short, I've gone with a more traditional use of `$db->real_escape_string()` with string concatenation, including a classic mistake with missing quotes around integer values :-)

I do like your example with `vsprintf()`, but I needed to replace the "?" with "%s" as well, which made it look more complicated than pre-8.1 prepared statements, I hope that's ok.

Craig
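
The before and after that this message describes, written out as an added example (not taken from the RFC or from either poster): the unquoted `real_escape_string()` mistake, a pre-8.1 prepared statement, and `execute_query()`. The connection details, the `user` table and the function names are assumptions.

```php
<?php
// Added illustration. The connection details, the `user` table and its
// columns are assumptions; execute_query() needs PHP 8.2 or later.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'example_user', 'example_password', 'example_db');

// Before: escaping plus concatenation, with no quotes around the "integer".
// real_escape_string() only escapes characters that are special inside a
// quoted string literal, so a value containing no quote characters comes
// back unchanged and is parsed as SQL instead of being treated as data.
function find_user_escaped(mysqli $db, string $id): ?array
{
    $sql = 'SELECT id, name FROM user WHERE id = ' . $db->real_escape_string($id);
    return $db->query($sql)->fetch_assoc();
}

// Pre-8.1 prepared statement: the value is bound, never concatenated,
// at the cost of four calls per query.
function find_user_prepared(mysqli $db, string $id): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM user WHERE id = ?');
    $stmt->bind_param('s', $id);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc();
}

// execute_query(): same binding as above in a single call, so the SQL text
// stays a fixed string and the value travels separately from it.
function find_user_execute_query(mysqli $db, string $id): ?array
{
    return $db->execute_query('SELECT id, name FROM user WHERE id = ?', [$id])
              ->fetch_assoc();
}

// Constructed input standing in for a request parameter that should be an id.
$id = '0 OR 1=1';

// The escaped variant sends "WHERE id = 0 OR 1=1" to the server; the two
// bound variants compare the id column against the whole string as one value.
var_dump(find_user_escaped($db, $id));
var_dump(find_user_prepared($db, $id));
var_dump(find_user_execute_query($db, $id));
```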