Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:63924
Return-Path: <patrick.allaert@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 16696 invoked from network); 16 Nov 2012 10:18:35 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 16 Nov 2012 10:18:35 -0000
Authentication-Results: pb1.pair.com smtp.mail=patrick.allaert@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=patrick.allaert@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.83.42 as permitted sender)
X-PHP-List-Original-Sender: patrick.allaert@gmail.com
X-Host-Fingerprint: 74.125.83.42 mail-ee0-f42.google.com  
Received: from [74.125.83.42] ([74.125.83.42:61555] helo=mail-ee0-f42.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id AC/B1-08060-AF216A05 for <internals@lists.php.net>; Fri, 16 Nov 2012 05:18:34 -0500
Received: by mail-ee0-f42.google.com with SMTP id t10so1597509eei.29
        for <internals@lists.php.net>; Fri, 16 Nov 2012 02:18:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:date:x-google-sender-auth:message-id:subject
         :from:to:cc:content-type;
        bh=G2Q5uRHEZJZ+jAF0RzC2bbRs2rnKggAgQnMrGwGWrdI=;
        b=F5W1LsIBFOkeIJkEA/NQh2Ahd/xU54os/2Fr1Vr24t7LpDdRI44G/0K62eLkE33bTh
         NNisjGOFFwiV02tNCbY7lllIGP4QiuHsr5VxerBx0tt/8s8eW0ToT8gx+3uLdzgzdaDY
         yq7fpOMoIdycneA4ZxjmpoLWlmWIcvV5Mujgq2np9Uez+HLHPhWyZ0H6BG2Va90ty6rh
         S1QfrmQLKTN1tSdtQIAWOeixBrtnFPQSadC2B2jvn9rRaT0Snq6AFMTzgLVir6voAQsh
         Uyb/dQP6etjzh4Bsl9fZDQbw/qLKzWgYlScP0COrpFi+HheAlz3BGQoEWShFGXCELTur
         3+FQ==
MIME-Version: 1.0
Received: by 10.14.221.194 with SMTP id r42mr12258203eep.25.1353061111182;
 Fri, 16 Nov 2012 02:18:31 -0800 (PST)
Sender: patrick.allaert@gmail.com
Received: by 10.14.129.193 with HTTP; Fri, 16 Nov 2012 02:18:31 -0800 (PST)
Date: Fri, 16 Nov 2012 11:18:31 +0100
X-Google-Sender-Auth: BdWkJV2cgNLYIqDh7_Oje5-tGp8
Message-ID: <CACwt+JeJ-H0e+MB-d7skTejoksCsHShB7_U8z1ke7EYWZ=-pWw@mail.gmail.com>
To: Adam Harvey <aharvey@php.net>
Cc: PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: mysql_escape() issue (Was: [PHP-DEV] RFC: ext/mysql deprecation)
From: patrickallaert@php.net (Patrick ALLAERT)

2012/11/12 Adam Harvey <aharvey@php.net>:
> Hi everyone,
>
> I've written an RFC to cover deprecating ext/mysql in PHP 5.5:
> https://wiki.php.net/rfc/mysql_deprecation. While we handled the soft
> deprecation in the documentation purely via a straw poll on Internals,
> I presume this will end up needing to go to a vote, hence the RFC.
>
> I won't rehash the background overly (there's some more detail in the
> RFC), other than to note that we've now had deprecation notices on all
> mysql_* functions in the manual for about six months and that the
> logical next step is to start generating E_DEPRECATED notices when
> users connect via mysql_connect(), mysql_pconnect() or the implicit
> ext/mysql connection routines. It's my belief that doing so will
> hasten the move of users to the more modern (and supported) APIs
> available: mysqli and PDO, and that this process will also likely
> encourage some users to switch to safer patterns such as prepared
> queries at the same time.
>
> I must apologise for the lateness of this RFC: I had hoped to do this
> some time before alpha 1, but travel and illness have taken their
> toll. Better late than never!
>
> So, please provide comments, feedback, concerns, and so on. Obviously,
> this isn't going to a vote for at least a couple of weeks, but earlier
> feedback is better.
>
> Thanks,
>
> Adam
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>

There is one remaining issue if ext/mysql is being deprecated (only by
having E_DEPRECATED in mysql_connect()/mysql_pconnect() and then
removed later.

People using mysql_escape() only to generate SQL files would never see
the deprecation and the function would suddenly be removed.

Technically, this could be solved by setting a global flag that is
reset at RINIT while all mysql_* functions would emit the E_DEPRECATED
notice if the global flag is not yet set (a singleton like pattern).

While this is technically possible, we should still cover the
following use case: make it possible to generate valid queries while
not being able to connect to any MySQL server yet.

In eZ Publish CMS, we have recently removed [1] support for the mysql
handler in favour of the mysqli one and as such, we have no more
mysql_*() functions calls except for the above use case where we rely
on mysql_escape().

Opinions ?

[1] https://github.com/ezsystems/ezpublish/compare/e00a2c5cfef6776e0b8d8a330b1f6cb397b1ec0e~...485c7054e2f6a381f6f562797e6d0c1cce2c59f2

Patrick