Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:63951
Return-Path: <kris.craig@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 69628 invoked from network); 17 Nov 2012 16:36:22 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 17 Nov 2012 16:36:22 -0000
Authentication-Results: pb1.pair.com smtp.mail=kris.craig@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=kris.craig@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.42 as permitted sender)
X-PHP-List-Original-Sender: kris.craig@gmail.com
X-Host-Fingerprint: 209.85.215.42 mail-la0-f42.google.com  
Received: from [209.85.215.42] ([209.85.215.42:63055] helo=mail-la0-f42.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 44/78-08060-50DB7A05 for <internals@lists.php.net>; Sat, 17 Nov 2012 11:36:21 -0500
Received: by mail-la0-f42.google.com with SMTP id s15so2922950lag.29
        for <internals@lists.php.net>; Sat, 17 Nov 2012 08:36:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=OX0YjBShwZxOxYjccpSnt82oLKzBKN41yxn3DPSslp4=;
        b=aM9GLzNufL9b2UoPD2JeJc528w0tM3cGV8FkwHXiacydDUeWT4UCpnr+RguzZYdF2u
         1ycq/9uU4GU9bhsMYJgxQqqjPkaetd0YFcqAdGrt3+w56SOd6WFQO0/d5IWmrqvfXnb5
         GWyfotg3ozdQgtl9Msf0ZaW1sN+F+7Cc7Q+jlRZEIIy5fY0ggLIxzpwJuf62zxUTfMER
         EyrerCWc0Z9vQNB8cbx3dzVq16q5wteDBCWeUWgFdXli6DYFFaM2y75BaPsIxd2RB98V
         fidGBk3M8RuEuCob5+LtO0e9trXmME2dXU36W4TLMHPfBtxXulWUnhaVhPY86OC5zGiQ
         HN2w==
MIME-Version: 1.0
Received: by 10.112.25.68 with SMTP id a4mr613402lbg.10.1353170177850; Sat, 17
 Nov 2012 08:36:17 -0800 (PST)
Received: by 10.152.114.2 with HTTP; Sat, 17 Nov 2012 08:36:17 -0800 (PST)
In-Reply-To: <50A68146.4020603@lsces.co.uk>
References: <CADajX4CYZdNpgQv46m_6J7tQLBc=h6HxCn-bGpxr3Ou2VaqgBg@mail.gmail.com>
	<CAAyV7nFOGa7UVALSQyAs-A+R0kuEmXoHPrxvCXNBnzAxLy0dww@mail.gmail.com>
	<50A2D672.7010600@gmail.com>
	<50A30144.5070305@phpgangsta.de>
	<50A3BEC0.8030607@gmail.com>
	<CAET_qdMmhRyidM6_VOokBu6tYvgrPHMOPdzz0PaFpxc3NaTdYQ@mail.gmail.com>
	<CADajX4Bh+5YrCPEFLzC2qqeJ4NnADbBV0u+wByz3Kb7Jp45KOw@mail.gmail.com>
	<50A54713.8090102@sugarcrm.com>
	<CAArmra2bjj3y2UUV8nszU74tN9o4VvB67aXzq5Z1cE2Y_tVijg@mail.gmail.com>
	<50A549EB.2020408@lerdorf.com>
	<CAArmra2BCmbOjkK0D8gKc5o0Pwhx0jNGi-3m2C2Z2dAnb0yv7w@mail.gmail.com>
	<CAAyV7nGMi20xjBYbouvsyUrxdOSuboP6u-guY9DX8qkSagQbjg@mail.gmail.com>
	<CAL+t6cEfDPT_-td5Ts4-SpNowSK9GJAq71KPKU-5ZUP2yzsNjw@mail.gmail.com>
	<CAAyV7nF=gMzD6rHUW2mffXv9uc-sSuO3cX=kyMnt81bUZH_VtQ@mail.gmail.com>
	<CAL+t6cFY5vPERz58foLh01ori68euYbSg-LGcjOsm9cgeNAs2A@mail.gmail.com>
	<50A58828.4070701@lerdorf.com>
	<CAL+t6cEZur=Eig6+0LzrdOWRRonSbUGV-eMeg7iyMA2bcZrvwA@mail.gmail.com>
	<50A59E24.4060704@lerdorf.com>
	<50A68146.4020603@lsces.co.uk>
Date: Sat, 17 Nov 2012 08:36:17 -0800
Message-ID: <CAKOpQSw-4nN_nC0xQW2LzgwM2TohNd76a1iJHXwusMPiDUq=gg@mail.gmail.com>
To: Lester Caine <lester@lsces.co.uk>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=f46d04012373c57e8904ceb37b68
Subject: Re: [PHP-DEV] RFC: ext/mysql deprecation
From: kris.craig@gmail.com (Kris Craig)

--f46d04012373c57e8904ceb37b68
Content-Type: text/plain; charset=ISO-8859-1

On Fri, Nov 16, 2012 at 10:09 AM, Lester Caine <lester@lsces.co.uk> wrote:

> Rasmus Lerdorf wrote:
>
>> We need a frontpage notice. A big notice in the next UPGRADING file.
>> There was nothing about this in the 5.4 UPGRADING file, for example. We
>> also need tutorials showing how to migrate from mysql to mysqli and
>> conference talks on the same showing some of the cooler things like
>> async queries that you get by moving to a more modern API.
>>
>
> This sounds like a much more realistic approach to the problem. The only
> way that E_DEPRECATED would work practically is if it was a separate
> E_MYSQL_EOL since there are other more important warnings that would be
> hidden simply to maintain mysql? But it's not just migration tutorials that
> are lacking, we STILL need some good quality PHP5.4 style guides! Showing
> how to migrate from pre PHP5.2 style working ...


In terms of deprecation schedule, I agree with Pierre's earlier comment
that we should start throwing E_DEPRECATED as early as 5.5 or 5.6, then
support should just be dropped entirely in 6.0.  I'm a big proponent of the
idea that BC should be less of a concern for major version increments.

There is something really important I'd also like to stress:  In UPGRADING,
as well as any other literature we release designed to help people with
this transition, we should not simply focus on porting ext/mysql code to
mysqli.  We should emphasize the use of prepared statements and fully
integrate that into any tutorials we put out there.  There are too many PHP
devs out there who don't even know what prepared statements are and their
ported mysqli code will reflect this if we're too lax on this point.
 Rasmus is right about asynchronous queries and other features being really
helpful as well, but I think prepared statements stand apart because they
prevent what is currently one of the most common security vulnerabilities
on the web today.

I'd like to see any tutorials we write just make conversion to prepared
statements part of the porting process; it shouldn't even be framed as
optional.  A lot of devs will probably just run down the list step-by-step,
so I think it would be best to make sure one of those steps involves
converting query parameters to prepared statements.  I'm not sure if
somebody's already committed to writing these docs yet, but either way I'd
be happy to lend a hand with that.

--Kris

--f46d04012373c57e8904ceb37b68--