Newsgroups: php.internals
Date: Fri, 14 Nov 2014 16:49:07 +0100
From: tyra3l@gmail.com (Ferenc Kovacs)
To: Peter Wolanin
Cc: Johannes Schlüter, PHP Internals
Subject: Re: [PHP-DEV] PDO mysql - add feature to enforce single statements?

yeah, the consensus was to create a feature request on bugs.php.net for PRs
(and link the PR from the bugtracker), so that each NEWS entry can link
to a bug#.

On Fri, Nov 14, 2014 at 4:04 PM, Peter Wolanin wrote:

> Added as a feature request also: https://bugs.php.net/bug.php?id=68424
>
> I'm a little unclear about the preferred workflow for using pull requests
> vs. bugs.php.net - it seems like most everything released ends up referring
> to an issue on bugs.php.net?
>
> -Peter
>
> On Thu, Nov 13, 2014 at 8:21 PM, Peter Wolanin wrote:
>
> > I've added a pull request here with a proposal to add the attribute at
> > connection time: https://github.com/php/php-src/pull/896
> >
> > I think giving PHP users the option to do this is really critical for
> > securing against SQL injection, and giving more consistent behavior between
> > native and emulated prepares.
> >
> > From my reading of the mysql API, enabling multi-query implicitly enables
> > multi results, but it's also possible to enable multi results separately,
> > and I've left it as is, explicitly enabled, in the patch.
> >
> > Do you have an example of a stored procedure to test?
> >
> > Thanks,
> >
> > Peter
> >
> > On Mon, Nov 10, 2014 at 12:02 PM, Johannes Schlüter <johannes@schlueters.de> wrote:
> >
> >> On Thu, 2014-11-06 at 19:52 -0500, Peter Wolanin wrote:
> >> > Suggested solution: add a PDO attribute that could be set on a
> >> > connection or a driver option for PDO::prepare to enforce the limit of
> >> > a single query being prepared or run.
> >>
> >> The issue is that disabling multi-query implicitly also disables support
> >> for stored procedures as the same flag configures handling of operations
> >> with multiple result sets. So this probably needs more thoughts
> >> especially in order to get "similar" behavior with different
> >> databases ... can you add a feature request in the bug tracker for this?
> >>
> >> johannes
> >
> > --
> > Peter M. Wolanin, Ph.D. : Momentum Specialist, Acquia. Inc.
> > peter.wolanin@acquia.com : 781-313-8322
>
> --
> Peter M. Wolanin, Ph.D. : Momentum Specialist, Acquia. Inc.
> peter.wolanin@acquia.com : 781-313-8322

-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu
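
The two questions raised in this thread (does a single-statement connection reject stacked queries, and do stored procedures that return several result sets still work on it), as an added example that is not part of the original messages or of PR 896. It assumes the connection option is spelled `PDO::MYSQL_ATTR_MULTI_STATEMENTS` (the name current pdo_mysql uses; the thread does not name it), a reachable MySQL server with rights to create a procedure, and a placeholder DSN, credentials and procedure name.

```php
<?php
// Added example, not code from php-src PR 896. Assumes a reachable MySQL
// server with pdo_mysql; DSN, credentials and procedure name are placeholders.
const DSN = 'mysql:host=127.0.0.1;dbname=testdb;charset=utf8mb4';

function connect(bool $multiStatements): PDO
{
    return new PDO(DSN, 'app_user', 'app_password', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        // Emulated prepares send the SQL text as-is, which is where stacking matters.
        PDO::ATTR_EMULATE_PREPARES => true,
        PDO::MYSQL_ATTR_MULTI_STATEMENTS => $multiStatements,
    ]);
}

// Runs $sql and reports how many result sets came back, or the driver error.
function countRowsets(PDO $pdo, string $sql): string
{
    try {
        $stmt = $pdo->query($sql);
        $sets = 0;
        do {
            // The trailing status packet of a CALL has no columns; skip it.
            if ($stmt->columnCount() > 0) {
                $stmt->fetchAll();
                $sets++;
            }
        } while ($stmt->nextRowset());
        return "$sets result set(s)";
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

$setup = connect(false);
$setup->exec('DROP PROCEDURE IF EXISTS demo_two_sets');
// A single statement from the client's point of view; the server parses the body.
$setup->exec('CREATE PROCEDURE demo_two_sets() BEGIN SELECT 1; SELECT 2; END');

foreach ([true, false] as $multi) {
    $pdo = connect($multi);
    $label = $multi ? 'multi-statements on ' : 'multi-statements off';
    echo "$label stacked: ", countRowsets($pdo, 'SELECT 1; SELECT 2'), "\n";
    echo "$label CALL:    ", countRowsets($pdo, 'CALL demo_two_sets()'), "\n";
}
$setup->exec('DROP PROCEDURE demo_two_sets');
```

Comparing the four printed lines shows whether the stacked query is refused on the single-statement connection while `CALL` keeps returning both result sets, which is the case the patch's separately enabled multi-results flag is meant to preserve.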