rfc:mysql_deprecation

This is an old revision of the document!


Request for Comments: ext/mysql deprecation

This RFC proposes to generate E_DEPRECATED errors when connecting to a MySQL database with the ext/mysql API.

Voting

Please note that there are two questions below: please vote on both if possible. The first controls the direct result of this RFC, while the second is to provide guidance should the RFC be rejected.

Should ext/mysql generate E_DEPRECATED errors in PHP 5.5?
Real name Yes No
ab (ab)  
aharvey (aharvey)  
alan_k (alan_k)  
arpad (arpad)  
auroraeosrose (auroraeosrose)  
bjori (bjori)  
datibbaw (datibbaw)  
derick (derick)  
dragoonis (dragoonis)  
frozenfire (frozenfire)  
googleguy (googleguy)  
gwynne (gwynne)  
hradtke (hradtke)  
indeyets (indeyets)  
ircmaxell (ircmaxell)  
jpauli (jpauli)  
juliens (juliens)  
kalle (kalle)  
kriscraig (kriscraig)  
levim (levim)  
lstrojny (lstrojny)  
mfonda (mfonda)  
mike (mike)  
nikic (nikic)  
olemarkus (olemarkus)  
pajoye (pajoye)  
patrickallaert (patrickallaert)  
peehaa (peehaa)  
philip (philip)  
rasmus (rasmus)  
rdohms (rdohms)  
remi (remi)  
rmlr (rmlr)  
salathe (salathe)  
tony2001 (tony2001)  
uw (uw)  
willfitch (willfitch)  
Count: 25 12

There are four options available for the next question:

  • (a) Enhance the manual text to make the soft deprecation clearer, and generate E_DEPRECATED notices in PHP 5.6.
  • (b) Enhance the manual text to make the soft deprecation clearer, but take no further action in terms of E_DEPRECATED for the forseeable future.
  • (c) Remove the warnings from the manual and undeprecate ext/mysql entirely.
  • (d) Do nothing.
If the vote to make ext/mysql generate E_DEPRECATED errors is unsuccessful, what course of action do you think we should take?
Real name (a) (b) (c) (d)
ab (ab)    
aharvey (aharvey)    
alan_k (alan_k)    
arpad (arpad)    
auroraeosrose (auroraeosrose)    
bjori (bjori)    
datibbaw (datibbaw)    
derick (derick)    
dragoonis (dragoonis)    
frozenfire (frozenfire)    
googleguy (googleguy)    
gwynne (gwynne)    
hradtke (hradtke)    
indeyets (indeyets)    
ircmaxell (ircmaxell)    
jpauli (jpauli)    
juliens (juliens)    
kalle (kalle)    
kriscraig (kriscraig)    
levim (levim)    
lstrojny (lstrojny)    
mfonda (mfonda)    
mike (mike)    
olemarkus (olemarkus)    
pajoye (pajoye)    
patrickallaert (patrickallaert)    
peehaa (peehaa)    
philip (philip)    
rasmus (rasmus)    
rdohms (rdohms)    
remi (remi)    
rmlr (rmlr)    
salathe (salathe)    
sebastian (sebastian)    
stas (stas)    
tony2001 (tony2001)    
uw (uw)    
willfitch (willfitch)    
Count: 26 12 0 0

Background

In July 2011, Philip started a discussion on the Internals mailing list around the path forward for deprecating ext/mysql, as had been discussed informally for many years. It was agreed at the time that the first step would be to add warnings to the manual, which was done in June.

At the time, it was suggested that we revisit not adding deprecation errors to php-src until 5.5/6.0. Ergo, this RFC.

Proposed Action

As a subsequent step, I propose that we generate E_DEPRECATED errors when users connect to MySQL: whether through mysql_connect(), mysql_pconnect() or the implicit connection functionality built into ext/mysql.

An extremely trivial patch to do this is available.

The proposed wording of the deprecation message is:

The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead

Why?

I'll quote from last year's discussion, rather than writing a long screed myself.

Philip wrote:

The documentation team is discussing the database security situation, and educating users to move away from the commonly used ext/mysql extension is part of this.

Later, Johannes wrote:

Moving away from ext/mysql is not only about security but also about having access to all features of the MySQL database.

ext/mysql was built for MySQL 3.23 and only got very few additions since then while mostly keeping compatibility with this old version which makes the code a bit harder to maintain. From top of my head missing features not support be ext/mysql include:
  * Stored Procedures (can't handle multiple result sets)
  * Prepared Statements
  * Encryption (SSL)
  * Compression
  * Full Charset support
  * ... 


So moving away from ext/mysql is a good thing.

None of those reasons have gone away.

Ulf Wendel has also written a terrific blog post explaining why upgrading from ext/mysql is a good idea.

Issues

I don't believe either of these issues are significant enough to justify delaying the deprecation of ext/mysql, but they're both concerns I've heard from users.

Tutorials

There are thousands of tutorials out there that teach users PHP using ext/mysql. Many of these tutorials also teach other outdated practices, such as magic quotes, improper (or no) escaping of user input and use of register globals, but undoubtedly some are also still of value. Removing ext/mysql in future will make these tutorials at best useless, and at worst, impediments to PHP takeup.

Large Existing Codebase

There is also a huge amount of code out there that relies on ext/mysql. At the very least, a compatibility library will need to be developed if ext/mysql is to ever be unbundled.

Possible Future Action

Some future release of PHP will presumably unbundle ext/mysql, at which point it can be moved out to PECL to slowly bitrot. That future release is not part of this RFC, however.

Workarounds

Converting to MySQLi or PDO

Suppressing deprecation warnings

While code is being converted to MySQLi, E_DEPRECATED errors can be suppressed by setting error_reporting in php.ini to exclude E_DEPRECATED:

  error_reporting = E_ALL ^ E_DEPRECATED

Note that this will also hide other deprecation warnings, however, which may be for things other than MySQL.

Changelog

  • 1.1.2 (2012-11-28): Replace the Oracle Wiki link with a link to Ulf's new blog post; moved to voting phase.
  • 1.1.1 (2012-11-19): Added the wording of the deprecation message that was already in the patch.
  • 1.1 (2012-11-13): Added workarounds; fixed formatting on the quote of Johannes' e-mail.
  • 1.0 (2012-11-12): Initial version.
rfc/mysql_deprecation.1354082368.txt.gz · Last modified: 2012/11/28 06:59 by aharvey