Newsgroups: php.internals
Message-ID: <8d33e076-b579-450f-8254-587db4bf6ea1@app.fastmail.com>
In-Reply-To: <1d64e5c6-5a77-41a3-8d68-ae88aeed611f@beccati.com>
Date: Wed, 17 Apr 2024 19:35:00 +0000
To: "php internals"
Subject: Re: [PHP-DEV] [RFC][Discussion] PDO driver specific parsers
From: larry@garfieldtech.com ("Larry Garfield")

On Wed, Apr 17, 2024, at 4:19 PM, Matteo Beccati wrote:
> Hey Larry,
>
> On 17/04/2024 16:51, Larry Garfield wrote:
>> This all seems logical, but having separate parsers would mean that the SQL strings are no longer portable, yes? E.g., many frameworks and CMSes try to (claim to) support multiple DBs transparently. (MySQL and Postgres and SQLite, usually). Some even recommend using SQLite for testing, but MySQL for prod. This change would break that, wouldn't it? Because the escaping would necessarily be different for MySQL and SQLite, and thus the queries would break on one or the other?
>
> Nope. If you hardcode strings in your SQL, then it's your responsibility
> to write them with the correct syntax.
>
> For example a `SELECT "foo"` will work on MySQL, but not on Postgres
> already, and this RFC won't change that.
>
> Likewise, when using single quotes, `SELECT '\\'` will get you a single
> backslash on MySQL right now, but two backslashes on Postgres,
> regardless of this RFC.
>
> The only proper way to safely hardcode literals is to use the
> `PDO::quote` method, which will take care of all the required escaping
> (and charset stuff), according to the connected database. But then
> again, most likely using parameters would be best in many circumstances.
>
> As for recommending testing on SQLite when production is on MySQL, I've
> always found that to be a (huge) foot gun. Of course YMMV ;-)

I did not say I endorse the idea, just that I have seen it done. :-) And some applications purport to run on your choice of MySQL or Postgres, even if they tend to not test the latter very well.

In any case, good to know that this won't make the situation worse. It's probably a good idea to include some version of that in the RFC for clarity.

--Larry Garfield
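
The escaping difference discussed in this message, as an added example that is not part of the original thread and is not PDO's or any server's code. `decodeLiteral()`, `quoteFor()` and the mode names are hypothetical; the model assumes MySQL's default `sql_mode` (backslash is an escape character) and Postgres with `standard_conforming_strings` on.

```php
<?php
// Added illustration: a simplified model of single-quoted literal decoding.
// 'backslash' = MySQL default rule, 'standard' = Postgres rule ('' doubling only).

/** Decode one SQL string literal; return its value, or null if unterminated. */
function decodeLiteral(string $sql, string $mode): ?string
{
    if ($sql === '' || $sql[0] !== "'") {
        return null;
    }
    $out = '';
    $len = strlen($sql);
    for ($i = 1; $i < $len; $i++) {
        $c = $sql[$i];
        if ($c === '\\' && $mode === 'backslash') {
            if ($i + 1 >= $len) {
                return null;             // dangling escape character
            }
            $out .= $sql[++$i];          // simplification: no \n, \t, \0 mapping
        } elseif ($c === "'") {
            if ($i + 1 < $len && $sql[$i + 1] === "'") {
                $out .= "'";             // '' is an escaped quote in both modes
                $i++;
            } else {
                return $i === $len - 1 ? $out : null;  // closing quote must end input
            }
        } else {
            $out .= $c;
        }
    }
    return null;                         // literal never closed
}

/** Quote a value for one mode (hypothetical; real code calls PDO::quote). */
function quoteFor(string $value, string $mode): string
{
    if ($mode === 'backslash') {
        $value = str_replace('\\', '\\\\', $value);
    }
    return "'" . str_replace("'", "''", $value) . "'";
}

$literal = "'\\\\'";                     // the SQL text '\\' from the message
var_dump(decodeLiteral($literal, 'backslash'));
var_dump(decodeLiteral($literal, 'standard'));
$value = 'C:\\';                         // constructed sample ending in a backslash
var_dump(decodeLiteral(quoteFor($value, 'standard'), 'backslash'));
var_dump(decodeLiteral(quoteFor($value, 'backslash'), 'backslash') === $value);
```

Under the PHP CLI the first two results differ by one backslash, matching the MySQL and Postgres behaviour described in the message. The third call returns null because a value quoted under the standard rule leaves the literal unterminated under the backslash rule, which is why quoting has to follow the connected database.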