Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:96607
Return-Path: <lester@lsces.co.uk>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 90663 invoked from network); 24 Oct 2016 21:26:22 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 24 Oct 2016 21:26:22 -0000
Authentication-Results: pb1.pair.com smtp.mail=lester@lsces.co.uk; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=lester@lsces.co.uk; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain lsces.co.uk from 185.153.204.214 cause and error)
X-PHP-List-Original-Sender: lester@lsces.co.uk
X-Host-Fingerprint: 185.153.204.214 mail4-2.serversure.net Linux 2.6
Received: from [185.153.204.214] ([185.153.204.214:51567] helo=mail4.serversure.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id B6/31-17723-C7C7E085 for <internals@lists.php.net>; Mon, 24 Oct 2016 17:26:21 -0400
Received: (qmail 27422 invoked by uid 89); 24 Oct 2016 21:26:17 -0000
Received: by simscan 1.3.1 ppid: 27414, pid: 27418, t: 0.0416s
         scanners: attach: 1.3.1 clamav: 0.96/m:52/d:10677
Received: from unknown (HELO ?10.0.0.7?) (lester@rainbowdigitalmedia.org.uk@81.138.11.136)
  by mail4.serversure.net with ESMTPA; 24 Oct 2016 21:26:17 -0000
To: internals@lists.php.net
References: <CADxrgCNboXRbZf1V7RWtGBvbbYA-h8bknu=YD8dQ0jjUtKYtbw@mail.gmail.com>
 <CADxrgCNN4=xRUsX2mOMOCDi6GcZSqHCMZEQpkNV9T9fFpNaJfw@mail.gmail.com>
Message-ID: <cc2d7ef8-5058-bd5d-91d1-117f11c1f056@lsces.co.uk>
Date: Mon, 24 Oct 2016 22:26:17 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <CADxrgCNN4=xRUsX2mOMOCDi6GcZSqHCMZEQpkNV9T9fFpNaJfw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Re: [RFC] Debugging PDO Prepared Statement Emulation
From: lester@lsces.co.uk (Lester Caine)

On 24/10/16 21:16, Adam Baratz wrote:
>> I've created an RFC to make it easier to work with emulated prepared
>> > statements:
>> > https://wiki.php.net/rfc/debugging_pdo_prepared_statement_emulation
>> >
> Does anyone have feedback?

Since PDO is an interface to third party databases this seems totally
out of place in PHP. Prepared statements are a sensible mechanism for
for anyone wanting secure access to those database, so what is the point
of this code. The emulated versions simply replace parameters with raw
data so database engines that don't have parameters get simple SQL
statements which can be directly viewed. You do not need any code to
create virtual parameters that are useless in the wire connection to the
database anyway.

Older mysql did not have prepared queries hence the default of
converting the more secure SQL into something old mysql could handle. I
presume that dblib has the same fundamental problem? But mssql has
prepared statements so dblib SHOULD provide that interface?

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk