Newsgroups: php.internals
Date: Tue, 18 Nov 2014 11:00:49 -0500
From: peter.wolanin@acquia.com (Peter Wolanin)
To: internals@lists.php.net
Subject: Re: [PHP-DEV] PDO mysql - add feature to enforce single statements?

Any other input on this pull request? Are there tests that should be
duplicated to run in single vs multi query mode?

-Peter

On Fri, Nov 14, 2014 at 10:49 AM, Ferenc Kovacs wrote:

> yeah, the consensus was to create feature request on bugs.php.net for PRs
> (and link the PR from the bugtracker), so that each NEWS entry can link
> to a bug#.
>
> On Fri, Nov 14, 2014 at 4:04 PM, Peter Wolanin wrote:
>
>> Added as a feature request also: https://bugs.php.net/bug.php?id=68424
>>
>> I'm a little unclear about the preferred workflow for using pull requests
>> vs. bugs.php.net - it seems like most everything released ends up referring
>> to an issue on bugs.php.net?
>>
>> -Peter
>>
>> On Thu, Nov 13, 2014 at 8:21 PM, Peter Wolanin wrote:
>>
>> > I've added a pull request here with a proposal to add the attribute at
>> > connection time: https://github.com/php/php-src/pull/896
>> >
>> > I think giving PHP users the option to do this is really critical for
>> > securing against SQL injection, and giving more consistent behavior
>> > between native and emulated prepares.
>> >
>> > From my reading of the mysql API, enabling multi-query implicitly
>> > enables multi results, but it's also possible to enable multi results
>> > separately, and I've left it as is, explicitly enabled, in the patch.
>> >
>> > Do you have an example of a stored procedure to test?
>> >
>> > Thanks,
>> >
>> > Peter
>> >
>> > On Mon, Nov 10, 2014 at 12:02 PM, Johannes Schlüter
>> > <johannes@schlueters.de> wrote:
>> >
>> >> On Thu, 2014-11-06 at 19:52 -0500, Peter Wolanin wrote:
>> >> > Suggested solution: add a PDO attribute that could be set on a
>> >> > connection or a driver option for PDO::prepare to enforce the limit
>> >> > of a single query being prepared or run.
>> >>
>> >> The issue is that disabling multi-query implicitly also disables
>> >> support for stored procedures as the same flag configures handling of
>> >> operations with multiple result sets. So this probably needs more
>> >> thoughts especially in order to get "similar" behavior with different
>> >> databases ... can you add a feature request in the bug tracker for
>> >> this?
>> >>
>> >> johannes
>> >
>> > --
>> > Peter M. Wolanin, Ph.D. : Momentum Specialist, Acquia. Inc.
>> > peter.wolanin@acquia.com : 781-313-8322
>>
>> --
>> Peter M. Wolanin, Ph.D. : Momentum Specialist, Acquia. Inc.
>> peter.wolanin@acquia.com : 781-313-8322
>
> --
> Ferenc Kovács
> @Tyr43l - http://tyrael.hu

-- 
Peter M. Wolanin, Ph.D. : Momentum Specialist, Acquia. Inc.
peter.wolanin@acquia.com : 781-313-8322
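
The single vs multi query question and the stored-procedure concern raised in the thread can be checked with a script like the following. It is an added example, not code from the pull request or from any participant in the thread. It uses `PDO::MYSQL_ATTR_MULTI_STATEMENTS`, the pdo_mysql connection option present in current PHP; the `TEST_DSN`, `TEST_USER` and `TEST_PASS` environment variables, their defaults and the procedure name are assumptions, and it needs a scratch MySQL database to run against.

```php
<?php
// Added example: compare a pdo_mysql connection with multi statements on and off.
// TEST_DSN / TEST_USER / TEST_PASS are hypothetical names; use a scratch database.

function connect(bool $multi): PDO
{
    return new PDO(
        getenv('TEST_DSN') ?: 'mysql:host=127.0.0.1;dbname=test',
        getenv('TEST_USER') ?: 'test',
        getenv('TEST_PASS') ?: '',
        [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Emulated prepares send the complete SQL text in one call,
            // which is the mode where stacked statements matter.
            PDO::ATTR_EMULATE_PREPARES => true,
            PDO::MYSQL_ATTR_MULTI_STATEMENTS => $multi,
        ]
    );
}

// True when the server accepted two statements sent in a single call.
function acceptsStackedStatements(PDO $pdo): bool
{
    try {
        $pdo->query('SELECT 1; SELECT 2')->closeCursor();
        return true;
    } catch (PDOException $e) {
        return false; // rejected, e.g. a syntax error at the second statement
    }
}

// Number of row-bearing result sets returned by one CALL.
function procedureRowsets(PDO $pdo): int
{
    $pdo->exec('DROP PROCEDURE IF EXISTS pdo_single_stmt_check');
    $pdo->exec('CREATE PROCEDURE pdo_single_stmt_check() BEGIN SELECT 1; SELECT 2; END');
    $stmt = $pdo->query('CALL pdo_single_stmt_check()');
    $count = 0;
    do {
        if ($stmt->columnCount() > 0) { $stmt->fetchAll(); $count++; }
    } while ($stmt->nextRowset());
    $stmt->closeCursor();
    $pdo->exec('DROP PROCEDURE pdo_single_stmt_check');
    return $count;
}

foreach ([true, false] as $multi) {
    $pdo = connect($multi);
    printf("multi=%s stacked_accepted=%s procedure_rowsets=%d\n", var_export($multi, true),
        var_export(acceptsStackedStatements($pdo), true), procedureRowsets($pdo));
}
```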