Hi internals,
I am proposing the next change to improve mysqli extension. This RFC's goal
is to add a new optional parameter to mysqli_stmt:execute() that will take
an array of parameters.
The RFC is located at https://wiki.php.net/rfc/mysqli_bind_in_execute
I'd be happy to hear your comments.
Kind Regards,
Kamil Tekiela
https://wiki.php.net/rfc/mysqli_bind_in_execute
I'd be happy to hear your comments.
Please let this pass.
The current approach is absolutely horrible and causes so many developers
using mysqli to do things incorrectly (like trying to use escaping, which
is so easy to get make mistakes with).
Craig
Hi internals,
I am proposing the next change to improve mysqli extension. This RFC's goal
is to add a new optional parameter to mysqli_stmt:execute() that will take
an array of parameters.The RFC is located at https://wiki.php.net/rfc/mysqli_bind_in_execute
I'd be happy to hear your comments.
Kind Regards,
Kamil Tekiela
Le 11 févr. 2021 à 20:43, Kamil Tekiela tekiela246@gmail.com a écrit :
Hi internals,
I am proposing the next change to improve mysqli extension. This RFC's goal
is to add a new optional parameter to mysqli_stmt:execute() that will take
an array of parameters.The RFC is located at https://wiki.php.net/rfc/mysqli_bind_in_execute
I'd be happy to hear your comments.
Kind Regards,
Kamil Tekiela
Hi,
In the paragraph “Difference between PDO and mysqli”, you propose:
“Array keys are completely ignored. mysqli doesn't have emulated prepares nor does it have named parameters.”
Instead of ignoring the keys, I think it is better to throw a TypeError when the provided array is not a “list” in the sense of array_is_list() introduced [in a recent RFC] (https://wiki.php.net/rfc/is_list). The reasons are:
- provide the user with useful feedback when they are attempting to do something dubious and/or their intent is ambiguous;
- be forward compatible with possible future addition of named parameters;
- reduce the difference with PDO for input that are accepted in both mysqli and PDO.
—Claude
Hi,
In the paragraph “Difference between PDO and mysqli”, you propose:
“Array keys are completely ignored. mysqli doesn't have emulated prepares
nor does it have named parameters.”Instead of ignoring the keys, I think it is better to throw a TypeError
when the provided array is not a “list” in the sense ofarray_is_list()
introduced [in a recent RFC] (https://wiki.php.net/rfc/is_list). The
reasons are:
- provide the user with useful feedback when they are attempting to do
something dubious and/or their intent is ambiguous;- be forward compatible with possible future addition of named parameters;
- reduce the difference with PDO for input that are accepted in both
mysqli and PDO.—Claude
Hi Claude,
Thanks for the feedback. I thought about it and I have to say I honestly do
not know which way would be better. I haven't received any other comments
so far. What you are proposing makes sense, but I don't know how to
implement this. I am not so experienced with PHP internals so I would
require some help to add such an error.
The only other comments I have seen so far are from Reddit
https://www.reddit.com/r/PHP/comments/llntv5/php_rfc_mysqli_bind_in_execute/
I could add another voting option for people to decide whether they want
the keys to be ignored or if they want an error. I appreciate it if anyone
has any other comments about this proposal too.
Kind Regards,
Kamil
Hi All,
I have changed the RFC based on the last suggestion. If the argument is not
a list array then a ValueError will be thrown.
If anyone is opposed to this change and instead would prefer the previous
behaviour please explain your reasoning.
Regards,
Kamil