Hi,
I know I'm very late, but I really haven't had a chance until now. I do
have a few improvements for PDO_PGSQL that I'd really love to get into
PHP 5.6 if possible. They are about:
-
Cleaning up the #ifdef mess by raising the libpq requirements to
versions providing PQprepare, PQescapeStringConn, PQescapeByteaConn,
that is some 8.1.x / 8.2.x (which are way past EOL anyway). -
Deprecate PDO::PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT which is
effectively equivalent to PDO::ATTR_EMULATE_PREPARES. There's no need to
keep and maintain both of them. -
PQexecParams support. By default server side prepared statements are
used, which is a waste of time/resources in case the query has to be
executed just once. You can normally avoid that by using
PDO::ATTR_EMULATE_PREPARES, which is much faster, but forces PDO to
inline parameters in the queries. A newly introduced
PDO::PGSQL_ATTR_DISABLE_PREPARES will switch to use PQexecParams by
sending the query with placeholders and parameters separately, like
PQprepare does, without having to worry with the potential security
risks of ATTR_EMULATE_PREPARES.
Thoughts?
Cheers
Matteo Beccati
Development & Consulting - http://www.beccati.com/
Hi,
I know I'm very late, but I really haven't had a chance until now. I do
have a few improvements for PDO_PGSQL that I'd really love to get into
PHP 5.6 if possible. They are about:
Cleaning up the #ifdef mess by raising the libpq requirements to
versions providing PQprepare, PQescapeStringConn, PQescapeByteaConn,
that is some 8.1.x / 8.2.x (which are way past EOL anyway).Deprecate PDO::PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT which is
effectively equivalent to PDO::ATTR_EMULATE_PREPARES. There's no need to
keep and maintain both of them.PQexecParams support. By default server side prepared statements are
used, which is a waste of time/resources in case the query has to be
executed just once. You can normally avoid that by using
PDO::ATTR_EMULATE_PREPARES, which is much faster, but forces PDO to
inline parameters in the queries. A newly introduced
PDO::PGSQL_ATTR_DISABLE_PREPARES will switch to use PQexecParams by
sending the query with placeholders and parameters separately, like
PQprepare does, without having to worry with the potential security
risks of ATTR_EMULATE_PREPARES.
I haven't committed the changed to master either, in case someone has
objections, but I've created a pull request for you to have a look:
https://github.com/php/php-src/pull/619
I also haven't created RFCs as the changes are minimal and the deafault
behaviour is unaffected (E_DEPRECATED aside).
Cheers
Matteo Beccati
Development & Consulting - http://www.beccati.com/