rfc:debugging_pdo_prepared_statement_emulation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
Next revisionBoth sides next revision
rfc:debugging_pdo_prepared_statement_emulation [2016/10/17 19:16] – created adambaratzrfc:debugging_pdo_prepared_statement_emulation [2016/11/16 23:03] – fix formatting around discussion links adambaratz
Line 1: Line 1:
 ====== PHP RFC: Debugging PDO Prepared Statement Emulation ====== ====== PHP RFC: Debugging PDO Prepared Statement Emulation ======
-  * Version: 0.1+  * Version: 0.4
   * Date: 2016-10-17   * Date: 2016-10-17
   * Author: Adam Baratz adambaratz@php.net   * Author: Adam Baratz adambaratz@php.net
-  * Status: Under Discussion+  * Status: In Discussion
   * First Published at: https://wiki.php.net/rfc/debugging_pdo_prepared_statement_emulation   * First Published at: https://wiki.php.net/rfc/debugging_pdo_prepared_statement_emulation
  
 ===== Introduction ===== ===== Introduction =====
-PDO is built on the concept of prepared statements. It expects individual database drivers to manage statement execution, but also allows prepared statements to be emulated. Emulation means that the pdo extension, using no third-party code, generates a query string for literal execution by the driver. It identifies parameters within the statement string and interpolates escaped values. If you want to debug this process, you must use separate logging or tracing tools. This can add time to the development process. Depending on the environment, developers may not have access to these tools. This can make it difficult to use the pdo_dblib driver, since the DB-Library API doesn't support prepared statements. The pdo_mysql and pdo_pgsql drivers offer the option to emulate. In the case of pdo_mysql, it's enabled by default.+PDO is built on the concept of prepared statements. It expects individual database drivers to manage statement execution, but also allows prepared statements to be emulated. Emulation means that the pdo extension, using no third-party code, generates a query string for literal execution by the driver. It identifies parameters within the statement string and interpolates escaped values. You must use separate logging or tracing tools to debug this process.
  
-===== Proposal ===== +If you're a PHP developer, this can add time to the development process. Depending on the environment, you may not have access to these tools. This can make it difficult to use the pdo_dblib driver, since the DB-Library API doesn't support prepared statements. The pdo_mysql and pdo_pgsql drivers offer the option to emulate. In the case of pdo_mysql, it's enabled by default. I've seen many developers write ad hoc parsers in userland as a workaround.
-People who use emulated prepared statements should be able to debug them without using additional tools. I would like to discuss three possible solutions to this problem.+
  
-==== Consistency Between Prepared Statement Emulation And PDO::quote() ==== +If you're a PHP internals developer, this prevents you from writing good .phpt tests against pdo_sql_parser.re. Without being able to inspect the raw query string, you can only test the effects of the queries it generatesFor exampleyou might want to verify an int is quoted as 1 and not '1'. A database might cast the string to an intdoing the right thing with it, but obscuring that to the developer.
-The piece of functionality that usually needs to be debugged is how values are escapedThere is already a method, ''PDO::quote()'', that is meant to reveal thisbut it typically behaves differently from the prepared statement emulator:+
  
-<code php> +===== Proposal ===== 
-$db new PDO(...); +People who use emulated prepared statements should be able to debug them within userlandwithout using additional tools. PDO already provides some debug functionality in the form of ''PDOStatement::debugDumpParams()''. This method would be extended to include the parsed query string:
- +
-$stmt $db->query('SELECT :int'); +
-$stmt->bindValue(':int', 1, PDO::PARAM_INT); +
-$stmt->execute(); // => SELECT 1 +
- +
-$stmt $db->query('SELECT ' . $db->quote(1, PDO::PARAM_INT)); +
-$stmt->execute(); // => SELECT '1' +
-</code> +
- +
-I say typically, because the behavior of PDO::quote() is determined by a driver's [[https://github.com/php/php-src/blob/master/ext/pdo/php_pdo_driver.h#L302|quoter]] function. While these functions are given the specified parameter type, they all ignore that value and assume all input should be handled as a string. +
- +
-Currently, the prepared statement emulator escapes values like [[https://github.com/php/php-src/blob/master/ext/pdo/pdo_sql_parser.re#L251|this]]: +
-  * Bool, int, and null values are handled within the emulator. +
-  * Other values have their zvals cast to a stringwhich is passed to the driver's quoter function. +
- +
-This logic could be moved to a common PDO C API, which ''PDO::quote()'' could invokeIf a driver didn't define a quoter function, ''PDO::quote()'' could continue to return false. +
- +
-This approach doesn't feel ideal. It would be difficult to work out how people expect ''PDO::quote()'' to behave. That method would be changed in different ways for different drivers. And it wouldn't allow full debugging of the emulator. +
- +
-==== PDO::DBLIB_ATTR_ACTIVE_QUERY_STRING ==== +
-Since prepared statements are only mandatory for pdo_dblib, a driver-specific attribute could produce the parsed query:+
  
 <code php> <code php>
-$db new PDO(...);+/* Execute a prepared statement by binding PHP variables */ 
 +$calories 150; 
 +$colour = 'red';
  
-// works with statements without bound values +$sth = $dbh->prepare('SELECT name, colour, calories 
-$stmt = $db->query('SELECT 1'); +    FROM fruit 
-var_dump($stmt->getAttribute(PDO::DBLIB_ATTR_ACTIVE_QUERY_STRING)); // =string(8"SELECT 1"+    WHERE calories < ? AND colour = ?'); 
 +$sth->bindParam(1, $calories, PDO::PARAM_INT); 
 +$sth->bindValue(2, $colour, PDO::PARAM_STR); 
 +$sth->execute();
  
-$stmt = $db->prepare('SELECT :string'); +$sth->debugDumpParams();
-$stmt->bindValue(':string', 'foo');+
  
-// returns unparsed query before execution +/*
-var_dump($stmt->getAttribute(PDO::DBLIB_ATTR_ACTIVE_QUERY_STRING)); // => string(14) "SELECT :string"+
  
-// returns parsed query after execution +Output:
-$stmt->execute(); +
-var_dump($stmt->getAttribute(PDO::DBLIB_ATTR_ACTIVE_QUERY_STRING)); // => string(11) "SELECT 'foo'" +
-</code> +
- +
-Since this would be a debug tool, the attribute shouldn't affect the state of the ''PDOStatement'' instance. You usually don't know something went wrong with the parsing until after execution, anyway. +
- +
-This is a slightly awkward use of an attribute -- the existing debug hook, ''PDOStatement::debugDumpParams()'', is a method -- and users of other drivers could benefit from the functionality. It doesn't feel like good design to push special behavior into individual drivers. +
- +
-==== PDOStatement::activeQueryString() ==== +
-Similar to the above, but as an API addition: +
- +
-<code php> +
-$db = new PDO(...); +
- +
-// works with statements without bound values +
-$stmt = $db->query('SELECT 1'); +
-var_dump($stmt->activeQueryString()); // => string(8) "SELECT 1" +
- +
-$stmt = $db->prepare('SELECT :string'); +
-$stmt->bindValue(':string', 'foo');+
  
-// returns unparsed query before execution +SQL: [82] SELECT name, colour, calories 
-var_dump($stmt->activeQueryString()); // => string(14) "SELECT :string"+    FROM fruit 
 +    WHERE calories < ? AND colour 
 +Parsed SQL: [88] SELECT name, colour, calories 
 +    FROM fruit 
 +    WHERE calories < 150 AND colour = 'red' 
 +Params 2 
 +Key: Position #0: 
 +paramno=0 
 +name=[0] "
 +is_param=1 
 +param_type=1 
 +Key: Position #1: 
 +paramno=1 
 +name=[0] "" 
 +is_param=1 
 +param_type=2
  
-// returns parsed query after execution +*/
-$stmt->execute(); +
-var_dump($stmt->activeQueryString()); // => string(11) "SELECT 'foo'"+
 </code> </code>
  
-This feels like the least disruptive solution to this problem.+The "Parsed SQL" section will only be shown if the prepared statement emulation is enabled.
  
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
-The first proposal could introduce functionality changes, but they would be in the interest of more consistent behavior across PDO.+N/A
  
 ===== Proposed PHP Version(s) ===== ===== Proposed PHP Version(s) =====
 Next PHP 7.x. Next PHP 7.x.
- 
-===== RFC Impact ===== 
-The second proposal would introduce a new constant. 
  
 ===== Future Scope ===== ===== Future Scope =====
-It's been suggested that PDO shouldn't allow prepare statement emulation. Since the mssql extension was deprecated in PHP 7 in favor of pdo_dblibI don't think this is possible. But perhaps this functionality could be isolated in pdo_dblib as "grandfathered" functionality. If people feel strongly about this, the third proposal wouldn't be a good idea.+It's been suggested that PDO shouldn't allow prepare statement emulation. This new functionality would only engage if emulation is enabledso it will self-destruct if emulation is dropped.
  
 ===== Proposed Voting Choices ===== ===== Proposed Voting Choices =====
 This project requires a 50%+1 majority. This project requires a 50%+1 majority.
  
-===== Patches and Tests ===== +<doodle title="Debugging PDO Prepared Statement Emulation v0.4" auth="abaratz" voteType="single" closed="false"> 
-A working implementation, with tests, of the third proposal: https://github.com/php/php-src/pull/2159 +   * Yes 
- +   * No 
-If one of the other proposals is accepted, I could do the implementation myself.+</doodle>
  
 ===== References ===== ===== References =====
-Initial discussion of this proposal on the internals mailing list: http://marc.info/?l=php-internals&m=147638162506291&w=2+Initial discussion of this proposal on the internals mailing list: 
 +  * http://marc.info/?l=php-internals&m=147638162506291&w=2 
 +  * http://marc.info/?l=php-internals&m=147734024403899&w=2 
 +  * http://marc.info/?l=php-internals&m=147673258418764&w=2
rfc/debugging_pdo_prepared_statement_emulation.txt · Last modified: 2018/03/01 23:27 by carusogabriel

Page Tools