Newsgroups: php.internals
Date: Fri, 09 Jan 2026 11:55:45 +0100
From: tim@bastelstu.be (Tim Düsterhus)
To: Kamil Tekiela
Cc: PHP internals
Subject: Re: [PHP-DEV] Re: [RFC] New function mysqli_quote_string
Message-ID: <22fa6377fe0df3afe29fcc332108ba07@bastelstu.be>

Hi

On 2026-01-08 21:43, Kamil Tekiela wrote:
> Despite receiving some criticism, I would like to bring it to a vote
> still.
>
> If this method doesn't get added, then it means that this SQL
> injection vulnerability will never be patched. Sure, most users have
> probably switched to prepared statements and we should encourage
> others to do so, but as long as manual escaping exists, it should be
> reliable and not prone to hidden SQL injection.

I'm in favor. It's a localized addition with a clear purpose and value-add, a good name and precedent in related extensions.

I'm also in favor of using deprecations to steer users away from unsafe APIs - even when the functionality in question will never be removed. Unfortunately, getting those voted in is complicated; I've had my fair share of experience with that in the past few PHP versions. But I agree that the deprecation must not happen in the same version where the replacement is added, since this makes incremental roll-outs of the new PHP version annoying since there is no version of the code base that is cleanly supported by both PHP versions.

With regard to the RFC itself: Please clean up the “Voting Choices” section, including properly filling in the vote title. The latter then triggers a 14 day cooldown (since changes to the voting widgets are Major changes):

https://github.com/php/policies/blob/main/feature-proposals.rst#types-of-changes

Best regards
Tim Düsterhus