rfc:mysql_deprecation

This is an old revision of the document!


Request for Comments: ext/mysql deprecation

This RFC proposes to generate E_DEPRECATED errors when connecting to a MySQL database with the ext/mysql API.

Background

In July 2011, Philip started a discussion on the Internals mailing list around the path forward for deprecating ext/mysql, as had been discussed informally for many years. It was agreed at the time that the first step would be to add warnings to the manual, which was done in June.

At the time, it was suggested that we revisit not adding deprecation errors to php-src until 5.5/6.0. Ergo, this RFC.

Proposed Action

As a subsequent step, I propose that we generate E_DEPRECATED errors when users connect to MySQL: whether through mysql_connect(), mysql_pconnect() or the implicit connection functionality built into ext/mysql.

An extremely trivial patch to do this is available.

Why?

I'll quote from last year's discussion, rather than writing a long screed myself.

Philip wrote:

The documentation team is discussing the database security situation, and educating users to move away from the commonly used ext/mysql extension is part of this.

Later, Johannes wrote:

Moving away from ext/mysql is not only about security but also about having access to all features of the MySQL database.

ext/mysql was built for MySQL 3.23 and only got very few additions since then while mostly keeping compatibility with this old version which makes the code a bit harder to maintain. From top of my head missing features not support be ext/mysql include:
  * Stored Procedures (can't handle multiple result sets)
  * Prepared Statements
  * Encryption (SSL)
  * Compression
  * Full Charset support
  * ... 


So moving away from ext/mysql is a good thing.

None of those reasons have gone away.

Issues

I don't believe either of these issues are significant enough to justify delaying the deprecation of ext/mysql, but they're both concerns I've heard from users.

Tutorials

There are thousands of tutorials out there that teach users PHP using ext/mysql. Many of these tutorials also teach other outdated practices, such as magic quotes, improper (or no) escaping of user input and use of register globals, but undoubtedly some are also still of value. Removing ext/mysql in future will make these tutorials at best useless, and at worst, impediments to PHP takeup.

Large Existing Codebase

There is also a huge amount of code out there that relies on ext/mysql. At the very least, a compatibility library will need to be developed if ext/mysql is to ever be unbundled.

Possible Future Action

Some future release of PHP will presumably unbundle ext/mysql, at which point it can be moved out to PECL to slowly bitrot. That future release is not part of this RFC, however.

Workarounds

Converting to MySQLi or PDO

Suppressing deprecation warnings

While code is being converted to MySQLi, E_DEPRECATED errors can be suppressed by setting error_reporting in php.ini to exclude E_DEPRECATED:

  error_reporting = E_ALL ^ E_DEPRECATED

Note that this will also hide other deprecation warnings, however, which may be for things other than MySQL.

Changelog

  • 2012-11-13: Added workarounds; fixed formatting on the quote of Johannes' e-mail.
  • 2012-11-12: Initial version.
rfc/mysql_deprecation.1352775974.txt.gz · Last modified: 2012/11/13 04:06 by aharvey