Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:78134 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 27534 invoked from network); 17 Oct 2014 12:20:06 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 17 Oct 2014 12:20:06 -0000 Authentication-Results: pb1.pair.com header.from=ulf.wendel@phpdoc.de; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=ulf.wendel@phpdoc.de; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain phpdoc.de from 85.13.130.122 cause and error) X-PHP-List-Original-Sender: ulf.wendel@phpdoc.de X-Host-Fingerprint: 85.13.130.122 dd5506.kasserver.com Received: from [85.13.130.122] ([85.13.130.122:33684] helo=dd5506.kasserver.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 26/85-30834-57901445 for ; Fri, 17 Oct 2014 08:20:06 -0400 Received: from [192.168.2.112] (p5B284AB7.dip0.t-ipconnect.de [91.40.74.183]) by dd5506.kasserver.com (Postfix) with ESMTPSA id 5976F3121D16 for ; Fri, 17 Oct 2014 14:20:02 +0200 (CEST) Message-ID: <54410970.2020100@phpdoc.de> Date: Fri, 17 Oct 2014 14:20:00 +0200 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2 MIME-Version: 1.0 To: internals@lists.php.net References: <543FE883.2070401@lerdorf.com> <54400765.90802@oracle.com> <5440E696.8050900@lsces.co.uk> <5440ECC4.4070903@phpdoc.de> <544101B9.6080601@lsces.co.uk> In-Reply-To: <544101B9.6080601@lsces.co.uk> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] [PATCH - PR] Disable ATTR_EMULATE_PREPARES by default for PDO_Mysql From: ulf.wendel@phpdoc.de (Ulf Wendel) Am 17.10.2014 um 13:47 schrieb Lester Caine: > users know what they are getting and where the real security holes are. Hmm, maybe, you could make this world a better one by contributing to improve http://php.net/manual/en/pdo.prepared-statements.php ? For the rest: the MySQL manual and the MySQL source code have the details. No need for speculation towards the implementation of server-side PS in MySQL, no need playing my DB vs. your DB, no need for playing the users have a right card. Ulf