Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:123150
X-Original-To: internals@lists.php.net
Delivered-To: internals@lists.php.net
Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5])
	by qa.php.net (Postfix) with ESMTPS id 0E49E1A009C
	for <internals@lists.php.net>; Wed, 17 Apr 2024 16:19:42 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail;
	t=1713370818; bh=10ANM5opBkJwgzqwcuKVSNQRpivxEDcwrj4h+p2EUJE=;
	h=Date:Subject:To:References:From:In-Reply-To:From;
	b=jN0iOHdBbdANIg0AN6LgMnd0NgcUuf2qj8fx3ggFRuowzwc1QtbRIQoVuOmAs9dYI
	 FGHhFC6Qdl9HFxXrFkXBINGtJuaWl/lcKUk0uE23TcVianTwUV3SUCSKdgyO1HeXat
	 Y9cjjKsp7cP5Yib14ZwVBU7/vCQaJjNN4neFWk2LMkxLy0T6Erd8WT4x39qwd+3yxX
	 S4j/DpuTfDyXk+XpNnV0/YqT2lvQzmP5XVKhlWBlKgzrKzF2dI5YI7WE7glDQ3YEZP
	 7KT6bygoIV9QsVDaJWKuKWW5yi1q3LlZkO9IxrqvFDalc9iS6zKiDaewYGi9aVGaYH
	 XJnqPLQ6htFBQ==
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 67887180084
	for <internals@lists.php.net>; Wed, 17 Apr 2024 16:20:17 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_50,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,RCVD_IN_DNSWL_LOW,
	SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no
	autolearn_force=no version=4.0.0
X-Spam-Virus: No
X-Envelope-From: <php@beccati.com>
Received: from wfout3-smtp.messagingengine.com (wfout3-smtp.messagingengine.com [64.147.123.146])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Wed, 17 Apr 2024 16:20:16 +0000 (UTC)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.47])
	by mailfout.west.internal (Postfix) with ESMTP id 683611C00116;
	Wed, 17 Apr 2024 12:19:38 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
  by compute6.internal (MEProxy); Wed, 17 Apr 2024 12:19:38 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=beccati.com; h=
	cc:content-transfer-encoding:content-type:content-type:date:date
	:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:subject:subject:to:to; s=fm1; t=1713370777;
	 x=1713457177; bh=wS57D/WadbluVixkTJ8mH/09C3+gZ8ikYzzNt5wKQ3Y=; b=
	DewcOECRMpN9yzq88ZkxDCWTr4EaEy/uek0XysphrA8fD9ggvrgpyxmomqjOiRxJ
	KgkFETGKSNVkN3R2lsIHwMn3mKHQlx+qN1rkg1ZajZCvqjPJjb9WpUjKIQHR/8qd
	HrzfXvItg1jAXnO+NdGrSzRiZeOQUWBt39CH0Q4a+C+NZeCsPpI8NrIpt/nHEIJU
	vbZK5lIB5SK0hII9YDqN7nHhqr+R1jvJHetvTvmg62lXOAm9psUNtn12LCEdIrwb
	Qm+Ez8p3nUk/WNCwl3eNLoGZ8WzgknA/MZzaL4LrIKg8YvwilsNcJ11OpeGxe691
	ptgg8Kmv61PP3z2hXovEww==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:content-type
	:content-type:date:date:feedback-id:feedback-id:from:from
	:in-reply-to:in-reply-to:message-id:mime-version:references
	:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy
	:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1713370777; x=
	1713457177; bh=wS57D/WadbluVixkTJ8mH/09C3+gZ8ikYzzNt5wKQ3Y=; b=U
	G9jV9S+NEKPRhdvqa5ldSi9sebFO422000a2MxnrKKhYPe96v0KM5OUItunRoA+3
	2u1S9fyrJ5ylZQe3Bx4jlD3yIFu02GFS0ielb3TqSSW8i+4iqKWNQWCwN/ZeB8tZ
	x4QKX7ACxVfyVBf4CW2o/MYZ3hJGeZA7S3UCg4VeN7iSYbeVLESY+yOJjIQ8fspt
	axipSUT1xvw4X1AM8hV5Hihv3BpXsJfk/RP0NzMEXYHBDF2sf3ziTFDCdaHLUr76
	bVnrqGDW5f+vNK5Q3GAoR9zuOSd1M6hfdYbRu1AfaoWdGueL5ALRSPu6IKcX+xIo
	95q5i6qN2osOORT38OCtQ==
X-ME-Sender: <xms:mfYfZmunVTorsA7voc8FsD1Jrlk3qF47IxEIBaEiPbeOlUzuDnY3dw>
    <xme:mfYfZreGfDNMD0FDxx82B6VuTIpigi5Ox3pQeP46Lm_Ips-CvnuZya-MbEwAcHHk-
    RhBCcjucSYfovT9gQM>
X-ME-Received: <xmr:mfYfZhweIqc2ac7-cMwLxzI8GrHIUxnsM8YX8S8jV04QVgkylp5FdTFs-Vyhch3Mmcfa2cfIuX4EHW_evrPhoVSZ_oZAkdu7FBvg87iIOuQE8x58>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrudejkedgleelucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
    uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
    cujfgurhepkfffgggfuffvfhfhjggtgfesthejredttddvjeenucfhrhhomhepofgrthht
    vghouceuvggttggrthhiuceophhhphessggvtggtrghtihdrtghomheqnecuggftrfgrth
    htvghrnhepffdtfeeileetvedvkeejjefguefggfeuleekuddvueelkeekgeejfeejueef
    ledvnecuffhomhgrihhnpegsvggttggrthhirdgtohhmnecuvehluhhsthgvrhfuihiivg
    eptdenucfrrghrrghmpehmrghilhhfrhhomhepphhhphessggvtggtrghtihdrtghomh
X-ME-Proxy: <xmx:mfYfZhNmRx-tbA45KDiePVpgR7QXO5mHPClMPK2N2ctFDpZTBxA6iA>
    <xmx:mfYfZm9M40Z_PsR7Ch_forITVJDUwprzEQeiQWtliF5O0csNIX9BTw>
    <xmx:mfYfZpXhrZ4EqbJb2IhDt_dOJC86dhqagV7gSoZWte0bWoILx0V_2Q>
    <xmx:mfYfZvd7rmZGWHNhgZbGV5Bkcxhq_KR3MHpgTcSK2p0yb1JWkjA66Q>
    <xmx:mfYfZtlqWXXWOzQVWebSXZ6qybu3mCaJ3s_uOY2bqt8R4cWXjdj6LZVX>
Feedback-ID: i6f4c46c2:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed,
 17 Apr 2024 12:19:36 -0400 (EDT)
Message-ID: <1d64e5c6-5a77-41a3-8d68-ae88aeed611f@beccati.com>
Date: Wed, 17 Apr 2024 18:19:34 +0200
Precedence: bulk
list-help: <mailto:internals+help@lists.php.net
list-unsubscribe: <mailto:internals+unsubscribe@lists.php.net>
list-post: <mailto:internals@lists.php.net>
List-Id: internals.lists.php.net
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PHP-DEV] [RFC][Discussion] PDO driver specific parsers
To: Larry Garfield <larry@garfieldtech.com>,
 php internals <internals@lists.php.net>
References: <ff5785b8-ba73-4302-9e1a-afaba34650bb@beccati.com>
 <00079548-1799-4215-8F73-EFDCD795532F@sakiot.com>
 <098996d6-32e4-460c-a82a-aeef3b7e61d3@beccati.com>
 <9A6577BD-3BC5-41E1-965D-4B30D16CDB3D@sakiot.com>
 <a38f4b1c-bb6d-47e2-9220-21493584a5f6@beccati.com>
 <26c47eb5-a60a-459d-89e6-16f6f0634cba@app.fastmail.com>
Content-Language: it
In-Reply-To: <26c47eb5-a60a-459d-89e6-16f6f0634cba@app.fastmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
From: php@beccati.com (Matteo Beccati)

Hey Larry,

Il 17/04/2024 16:51, Larry Garfield ha scritto:
> This all seems logical, but having separate parsers would mean that the SQL strings are no longer portable, yes?  Eg, many frameworks and CMSes try to (claim to) support multiple DBs transparently.  (MySQL and Postgres and SQLite, usually).  Some even recommend using SQLite for testing, but MySQL for prod.  This change would break that, wouldn't it?  Because the escaping would necessarily be different for MySQL and SQLite, and thus the queries would break on one or the other?

Nope. If you hardcode strings in your SQL, then it's your responsibility 
to write them with the correct syntax.

For example a `SELECT "foo"` will work on MySQL, but not on Postgres 
already, and this RFC won't change that.

Likewise, when using single quotes, `SELECT '\\'` will get you a single 
backslash on MySQL right now, but two backslashes on Postgres, 
regardless of this RFC.

The only proper way to safely hardcode literals is to use the 
`PDO::quote` method, which will take care of all the required escaping 
(and charset stuff), according to the connected database. But then 
again, most likely using parameters would be best in many circumstances.

As for recommending testing on SQLite when production is on MySQL, I've 
always found that to be a (huge) foot gun. Of course YMMV ;-)


Cheers
-- 
Matteo Beccati

Development & Consulting - http://www.beccati.com/