Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:121272
Return-Path: <tekiela246@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 51462 invoked from network); 11 Oct 2023 15:47:09 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 11 Oct 2023 15:47:09 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 412EF180507
	for <internals@lists.php.net>; Wed, 11 Oct 2023 08:47:08 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT,
	FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,
	SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no
	autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <tekiela246@gmail.com>
Received: from mail-yw1-f172.google.com (mail-yw1-f172.google.com [209.85.128.172])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Wed, 11 Oct 2023 08:47:07 -0700 (PDT)
Received: by mail-yw1-f172.google.com with SMTP id 00721157ae682-5a7af20c488so31974517b3.1
        for <internals@lists.php.net>; Wed, 11 Oct 2023 08:47:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1697039227; x=1697644027; darn=lists.php.net;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=zXNvD23IQrSHXT4fAeohL/M+Pu29XRPpII1gw2a+e44=;
        b=E9cJjtH5S6gIHXiCPe6CO4emFFJbfywN7bK71GJSTcIHRSQaSrWa1mwgxhsqKvGYxq
         qT7sYpxxrBAw2luB2+OcU0/En2bKIstTO6dZyQF85TqRP185NqynLs0dXDdnvf/3BlZ0
         FIDapnBMK5jywBbUCWRNRg5tTvwysWKm3uFEvLm6ahxu23aG7O1C+aGTmZl1ZZcZXXHX
         qzXBCBIMyDMa6voEL+kaMJOI6W8bu0OMpOiL/RTkcjlA5+8SYfdkT/3oD0h6USzlbzwY
         dwQ8kA+wJULZ8XZ6Ts/Mljv0fd70YEa6+Tx5LfhNQo1egfELLdmdMayAuG2kbg4YbihP
         s2YA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1697039227; x=1697644027;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=zXNvD23IQrSHXT4fAeohL/M+Pu29XRPpII1gw2a+e44=;
        b=JnkK1m8oKpxSEVwfB+uGrWJRsApf2RCvMg/nB+bnMc1Th3+qx3IDD6CNtMEs8Xl+HY
         jjIbyPTm/dHFvadPDJ2dcZiX2upTPOEI62S9PzZOFU9uGAZgLobHzJpIHqZYMI7Holgr
         AW4kFQF8XTUGqym7ykBEdt9g1I3I/jq70MGvpcxjR91fOK1AWbPGyEhaIZshu9v0qdLz
         ikSYi5sHMe/7+KKMQdkrYdiNjwjUR7FifVd8X57MY6KBhSxDVlO2exKMfkQc8SMkjKhZ
         ZTJnenTJMzhWQbPeUDY0iyMfHKRjetBT4Wrt91awTI/1c0nq8ofisN0WM/cX4R6Hwvg1
         nlxA==
X-Gm-Message-State: AOJu0Yz/OnMgfm2QjbJVygT4zFmJu69+CT+AEmdI3/7xMDdKJIHDEUbE
	nqm08QeDfXDeVI+qiwjy0dIwDzudndNw5GmhjzJ3KYCH
X-Google-Smtp-Source: AGHT+IFcHq+Pt084XZT1gbpI+/3Htms6nIdcsdVCxbmXW8boYTh/E3jGMs0YcH3bE4XXfTrbxwJA2f0RFOEnfceckjo=
X-Received: by 2002:a81:9283:0:b0:59a:ef7f:5c67 with SMTP id
 j125-20020a819283000000b0059aef7f5c67mr20140114ywg.31.1697039227078; Wed, 11
 Oct 2023 08:47:07 -0700 (PDT)
MIME-Version: 1.0
References: <CAOfzkkyTkfCKfuLyyGNvrbEORDDxNSetbqtg1WnMO2fzbeyWdw@mail.gmail.com>
In-Reply-To: <CAOfzkkyTkfCKfuLyyGNvrbEORDDxNSetbqtg1WnMO2fzbeyWdw@mail.gmail.com>
Date: Wed, 11 Oct 2023 17:46:56 +0200
Message-ID: <CAGBsUrdaKzG8PYS5ubZTP9Mq0xSO84wSwi=mm2ChcTYWpgNUGA@mail.gmail.com>
To: Karoly Negyesi <karoly@negyesi.net>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="0000000000004ccc9f060772bcc8"
Subject: Re: [PHP-DEV] Expose pdo_parse_params to userspace
From: tekiela246@gmail.com (Kamil Tekiela)

--0000000000004ccc9f060772bcc8
Content-Type: text/plain; charset="UTF-8"

Hi,

I have to say I am not a fan of this proposal. While definitely a super
nice feature in PDO, it's more of a hack rather than proper feature.
Certain RDBMSs support named parameters in prepared statements, but MySQL
doesn't. Therefore, the solution implemented in PDO is a hack. It's very
flawed and the current implementation has multiple bugs and shortcomings.
One could say that some bugs are security issues.

For the above reason, I don't think we should support this in mysqli. We
cannot reliably implement such feature. We could make a copy of
pdo_parse_params and fix as many MySQL issues as possible, but we would
never be able to fix it fully due to the nature of MySQL API.

If someone wants to implement this in userland, then be my guest. As long
as you are aware of the shortcomings and you know how to use it safely then
it's fine.

Unrelated, but I would not consider the async feature of mysqli useful or
even a good reason to abandon PDO. IMHO the async feature is a failed
experiment with limited applicability.

Regards,
Kamil Tekiela

--0000000000004ccc9f060772bcc8--