Newsgroups: php.internals
From: ircmaxell@gmail.com (Anthony Ferrara)
To: Rasmus Lerdorf
Cc: Ferenc Kovacs, Stas Malyshev, "internals@lists.php.net"
Date: Sat, 30 Apr 2011 14:59:53 -0400
Subject: Re: [PHP-DEV] Change Request: Make PDO default to not emulate prepared statements for MySQL

I'm not arguing if there weren't reasons for implementing it this way. I am arguing if they are good enough reasons to justify the security impact. It's not my decision (and I respect that), but I would stress that what PDO is doing is not prepared statements or even parameterized queries, and as such does not have the same benefits of using true prepared statements (and perhaps the documentation needs to be updated to reflect that).

Anthony

On Sat, Apr 30, 2011 at 2:37 PM, Rasmus Lerdorf wrote:
> On 04/30/2011 11:10 AM, Ferenc Kovacs wrote:
>
>> with 5.0 EOL-ed for some time, and even the Debian stable is running
>> 5.1, I wonder how many of our users run 5.0.
>
> I'm not disagreeing, I just don't agree it is a bug against 5.3. There were
> good reasons for the default at the time 5.3 was released. For 5.4 it is
> probably time to switch it.
>
> -Rasmus