Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:53967
Return-Path: <johannes.schlueter@oracle.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 92746 invoked from network); 15 Jul 2011 12:47:22 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 15 Jul 2011 12:47:22 -0000
Authentication-Results: pb1.pair.com smtp.mail=johannes.schlueter@oracle.com; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=johannes.schlueter@oracle.com; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain oracle.com from 148.87.113.117 cause and error)
X-PHP-List-Original-Sender: johannes.schlueter@oracle.com
X-Host-Fingerprint: 148.87.113.117 rcsinet15.oracle.com  
Received: from [148.87.113.117] ([148.87.113.117:60465] helo=rcsinet15.oracle.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id AD/E4-34501-9D6302E4 for <internals@lists.php.net>; Fri, 15 Jul 2011 08:47:22 -0400
Received: from rtcsinet21.oracle.com (rtcsinet21.oracle.com [66.248.204.29])
	by rcsinet15.oracle.com (Switch-3.4.4/Switch-3.4.4) with ESMTP id p6FCkihi015311
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Fri, 15 Jul 2011 12:46:49 GMT
Received: from acsmt356.oracle.com (acsmt356.oracle.com [141.146.40.156])
	by rtcsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id p6FCkhai026172
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Fri, 15 Jul 2011 12:46:44 GMT
Received: from abhmt109.oracle.com (abhmt109.oracle.com [141.146.116.61])
	by acsmt356.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id p6FCkcKM004430;
	Fri, 15 Jul 2011 07:46:38 -0500
Received: from [192.168.2.230] (/93.104.35.174)
	by default (Oracle Beehive Gateway v4.0)
	with ESMTP ; Fri, 15 Jul 2011 05:46:38 -0700
To: Philip Olson <philip@roshambo.org>
Cc: PHP Developers Mailing List <internals@lists.php.net>
In-Reply-To: <9F1FA580-FD3F-4C3F-9E26-51A095CF6EE9@roshambo.org>
References: <9F1FA580-FD3F-4C3F-9E26-51A095CF6EE9@roshambo.org>
Content-Type: text/plain; charset="UTF-8"
Organization: Oracle Corporation
Date: Fri, 15 Jul 2011 14:46:32 +0200
Message-ID: <1310733992.2800.57.camel@guybrush>
Mime-Version: 1.0
X-Mailer: Evolution 2.30.2 
Content-Transfer-Encoding: quoted-printable
X-Source-IP: rtcsinet21.oracle.com [66.248.204.29]
X-CT-RefId: str=0001.0A090201.4E2036B9.0092:SCFSTAT5015188,ss=1,re=-4.000,fgs=0
Subject: Re: [PHP-DEV] deprecating ext/mysql
From: johannes.schlueter@oracle.com (Johannes =?ISO-8859-1?Q?Schl=FCter?=)

Hi,

On Sun, 2011-07-10 at 10:03 -0700, Philip Olson wrote:
> Greetings PHP geeks,
>=20
> Don't panic! This is not a proposal to add errors or remove this
> popular extension. Not yet anyway, because it's too popular to do that
> now.
>=20
> The documentation team is discussing the database security situation,
> and educating users to move away from the commonly used ext/mysql
> extension is part of this.

Moving away from ext/mysql is not only about security but also about
having access to all features of the MySQL database.

ext/mysql was built for MySQL 3.23 and only got very few additions since
then while mostly keeping compatibility with this old version which
makes the code a bit harder to maintain. From top of my head missing
features not support be ext/mysql include:
      * Stored Procedures (can't handle multiple result sets)
      * Prepared Statements
      * Encryption (SSL)
      * Compression
      * Full Charset support
      * ...
      *=20

So moving away from ext/mysql is a good thing.

> This proposal only deals with education, and requests permission to
> officially convince people to stop using this old extension. This
> means:
>=20
>  - Add notes that refer to it as deprecated
>  - Recommend and link alternatives
>  - Include examples of alternatives

+1

> There are two alternative extensions: pdo_mysql and mysqli, with PDO
> being the PHP way and main focus of future endeavors. Right? Please
> don't digress into the PDO v2 fiasco here.

I'm not sure the current PDO is "the" alternative. We (=3D MySQL/ORACLE)
focus mostly on mysqli, that's the extension providing access to all
current and future features of MySQL. True, many features could be added
to PDO but there are two design decision in PDO which make this bad:

      * The parser used for identifying statement place holders is very
        basic, as it is implemented in PDO core, not the drivers, which
        leads to FRs like #54929 or the famous LIKE issue[1]
      * driver-specific functions are implemented by using __call()
        which means there is no good introspection mechanism to check
        whether a feature is available or not in the current setup.

Besides these two items there are every now and then reports on
PDO_mysql which in fact are caused by limitations in the PDO design
which can't be bypassed by the driver implementation.

A good abstraction layer would certainly be good for the language but
for now we (=3DMySQL/ORACLE) consider mysqli the preference.

> What this means to ext/mysql:
>=20
>  - Softly deprecate ext/mysql with education (docs) starting today
>  - Not adding E_DEPRECATED errors in 5.4, but revisit for 5.5/6.0
>  - Add pdo_mysql examples within the ext/mysql docs that mimic the curren=
t=20
>    examples, but occasionally introduce features like prepared statements
>  - Focus energy on cleaning up the pdo_mysql and mysqli documentation
>  - Create a general "The MySQL situation" document that explains the situ=
ation

I also want to point to http://forge.mysql.com/wiki/Converting_to_MySQLi
wich has a script once developed by Ulf and others to automatically
convert code from using ext/mysql to mysqli. I haven't tried it with
recent versions of PHP but should still work.

> The PHP community has been recommending alternatives for several years
> now, so hopefully this won't be a new concept or shock to most users.

:-)

johannes


[1] The LIKE case goes something like that:

<?php
$query =3D $pdo->prepare("SELECT id FROM table LIMT ?, ?");
$query->bindValue(1, $_GET["offset"]);
$query->bindValue(2, $_GET["limit"]);
$query->execute();
?>

So there's some pagination of a result set and the user can browse
through the result, looks quite ok, but the result is not a successful
query but an error

        1064 you have an error in oyur SQL sytax; check the manual that
        corresponds to your MySQK server version for the right syntax to
        use near ''1', '2''

Which is caused by PDO using PS emulation by default with MySQL (see
thread "Change Request: Make PDO default to not emulate prepared
statements for MySQL" from April/May 2011 on this list) and $_GET
containing strings while the parser is not context-aware. Of course this
can easily be fixed by explicitly binding using PDO::PARAM_INT.

--=20
Johannes Schl=C3=BCter, ORACLE
MySQL Engineering - Connectors And Client Connectivity