Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:129657 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by lists.php.net (Postfix) with ESMTPS id A01611A00BC for ; Fri, 19 Dec 2025 13:52:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1766152355; bh=2CS65jRZpvqqjX917Qnweouzculi8X+yZVORrG50JHM=; h=Date:From:Subject:To:References:In-Reply-To:From; b=VH75dzGnD0bZRd6Jnb+vXcGZkpz/EPfKKQzzD6KdKHgsvdtJtiCerB6lQbuqp4LDo YdESbnpLyi0kol2wuiPoUqW4u3y5yeweAGjX1Gb1JX99xMbcFqewDjbexkuKOzbJCz kGplnNsvirLiIEz6ik6ItfJthIQ7oLZL0QbiQKJKQAZx9U2jcrYvvO/jrJYS2y5Uwu s+hcaxI7GtA2jyfo9jKuhwY9tz2787tZhEdBJjKVepY6+LZSnhLTvS5YR8hwZDDwd1 5qbtxe75xyeliyv3zaXOhQ/bgaC3mfgtwg8YuVlmj3+hTYTaZAMAbARfozPW0Dg5Mx 1A/ee62ncLHKw== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id CACDE180083 for ; Fri, 19 Dec 2025 13:52:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-25) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no version=4.0.1 X-Spam-Virus: No X-Envelope-From: Received: from fhigh-a3-smtp.messagingengine.com (fhigh-a3-smtp.messagingengine.com [103.168.172.154]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Fri, 19 Dec 2025 13:52:24 +0000 (UTC) Received: from phl-compute-02.internal (phl-compute-02.internal [10.202.2.42]) by mailfhigh.phl.internal (Postfix) with ESMTP id 610C914000BF; Fri, 19 Dec 2025 08:52:19 -0500 (EST) Received: from phl-frontend-04 ([10.202.2.163]) by phl-compute-02.internal (MEProxy); Fri, 19 Dec 2025 08:52:19 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=beccati.com; h= cc:content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1766152339; x=1766238739; bh=1D9XfoqSAqunQG+5xNgLW1WojUaY+WZaR2o/UIBPXL0=; b= RcGD9s2XpYYVBikAHmwzbhchnCsFcbe0ATPUNA1ybdZKZtcwO42wDHKdusBVneCu W6z3wQkERsBNul5od+S0DmSiaxgYhS9gUgvOrKDoYgbAtvDbePMJMJxXndB3g8OE j13SnzfHzb8Y+hYZ0jjUiIfd2vzUkrgI8vEJqiqQiXLCtwv/0fIqdV1cMwG2QdUe EWEVqKDcoKfMM175HPriQyrFqJpvpysV/t/yOT4fBC1T3/hMGA0F1nPHl8Er9q1f hrlsZhHNRQAjWeoo3tghX8W5/uZ7U+MbnKKZUUqQ1KNrK8UPs5HZ9COH4Sed02gg MrGvGBv3/Ej7OwARi6k91w== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; t=1766152339; x=1766238739; bh=1 D9XfoqSAqunQG+5xNgLW1WojUaY+WZaR2o/UIBPXL0=; b=ysfJ2XSXj93k+WOh2 AmltdnrJRnyEFdBlJtPt87GDeztchCpZdewUWapyPjY1p434gbllUJK8YOgEO4c/ hF8M7c+1IifUCDY/OvgLpFsIObTrYtlg28z1Db1mhTY32LGmSHV6EBSRFTk1AJiM 9BEZwn/ZRVzaxXeQ7EMGwX6crQX1D0L6QPOA3ryqujzSp3Nbekh7LzA6bkY00AXh 24y4QTyTYwmmj+50ar/ACq3/xqH8l87qLVdiz+9SozsL5AiukyR51oSBLinnYua9 axSOgUa3iBwDwheuAu6DhMutUWNvN9qypHoKno/pNtLPPwhB0IAbsDWuQPQ+f1Q5 hs1Dw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefgedrtddtgdegkeegjecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpuffrtefokffrpgfnqfghnecuuegr ihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjug hrpefkffggfgfhuffvfhgjtgfgsehtjeertddtvdejnecuhfhrohhmpeforghtthgvohcu uegvtggtrghtihcuoehphhhpsegsvggttggrthhirdgtohhmqeenucggtffrrghtthgvrh hnpeejledthfeihedthfdvteetgeelieekuddtledtkeekhfefffeikeeigfdtjedttden ucffohhmrghinhepphhhphdrnhgvthenucevlhhushhtvghrufhiiigvpedtnecurfgrrh grmhepmhgrihhlfhhrohhmpehphhhpsegsvggttggrthhirdgtohhmpdhnsggprhgtphht thhopedupdhmohguvgepshhmthhpohhuthdprhgtphhtthhopehinhhtvghrnhgrlhhsse hlihhsthhsrdhphhhprdhnvght X-ME-Proxy: Feedback-ID: i6f4c46c2:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA for ; Fri, 19 Dec 2025 08:52:18 -0500 (EST) Message-ID: <23051439-6f0d-4175-b632-3b943582bfe0@beccati.com> Date: Fri, 19 Dec 2025 14:52:17 +0100 Precedence: list list-help: list-unsubscribe: list-post: List-Id: x-ms-reactions: disallow MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PHP-DEV] [RFC] New function mysqli_quote_string To: PHP internals References: Content-Language: it, en-GB Autocrypt: addr=php@beccati.com; keydata= xjMEaPtBFBYJKwYBBAHaRw8BAQdAGO+tvY0cWWnQ/c8pKeza89usSCtuIU/rofMmYKRYhbTN IE1hdHRlbyBCZWNjYXRpIDxwaHBAYmVjY2F0aS5jb20+wo8EExYIADcWIQSAAgxDL6AQ85RP iXKBm68y9BDZAQUCaPtBFAUJBaOagAIbAwQLCQgHBRUICQoLBRYCAwEAAAoJEIGbrzL0ENkB LYIA/3T7lWVp+xMsxGf9o5YpzHAm5+lbwQEAMO/g5nKyk/rKAQCvq3DDNWoXjPam0s+5Pt0z zjzYM6qV/tjTzyPUBrHQB844BGj7QRQSCisGAQQBl1UBBQEBB0Ct/I7x5lWDgutczkl00Kg0 OwotLnLdeOfaU+bDkhGWIQMBCAfCfgQYFggAJhYhBIACDEMvoBDzlE+JcoGbrzL0ENkBBQJo +0EUBQkFo5qAAhsMAAoJEIGbrzL0ENkBX+4BAM3Qp4gVnybToqh7tB2HbyOYrExvX4m0p/t8 IIRF/QCbAQDV84mqLmyLOpigI5IQThXCaaTltA4IeTfVNjnVTv+XDw== In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit From: php@beccati.com (Matteo Beccati) Hi Kamil, Il 18/12/2025 22:03, Kamil Tekiela ha scritto: > Hello, > > I would like to open a discussion about adding a new function to PHP > > https://wiki.php.net/rfc/mysqli_quote_string > > Would you support such an addition? I agree with you and I prefer PDO::quote()'s behaviour over the "old" non-pdo quote functions. However, I also think that manually interpolating parameters is not a best practice that we should encourage: query parameters are the a much better defence against SQL injections. Also I'm afraid that offering two alternatives would increase the confusion, especially if this new function is added only to mysqli and not other prominent database extensions. Cheers -- Matteo