rfc:pdo_driver_specific_parsers
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
rfc:pdo_driver_specific_parsers [2024/05/02 08:45] – Updated PR: support for more pgsql literals mbeccati | rfc:pdo_driver_specific_parsers [2024/06/10 13:28] (current) – Minor fixes adiel | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== PHP RFC: PDO Driver specific SQL parsers ====== | ====== PHP RFC: PDO Driver specific SQL parsers ====== | ||
- | * Version: | + | * Version: |
* Date: 2024-04-11 | * Date: 2024-04-11 | ||
* Author: Matteo Beccati, mbeccati@php.net | * Author: Matteo Beccati, mbeccati@php.net | ||
- | * Status: | + | * Status: |
* Discussion: [[https:// | * Discussion: [[https:// | ||
* First Published at: [[https:// | * First Published at: [[https:// | ||
Line 11: | Line 11: | ||
The PDO extension contains a SQL parser, whose main purpose is to recognise parameter placeholders inside queries (i.e. ''"?"'' | The PDO extension contains a SQL parser, whose main purpose is to recognise parameter placeholders inside queries (i.e. ''"?"'' | ||
- | This parser had historically been modelled to work with what was the de-facto SQL standard in the PHP ecosystem at that time: MySQL. However, the SQL dialect used by MySQL is different when handling string literals from standard SQL, followed by other database vendors, such as PostgreSQL and SQLite. | + | This parser had historically been modelled to work with the de-facto SQL standard in the PHP ecosystem at that time: MySQL. However, the SQL dialect used by MySQL is different when handling string literals from standard SQL, followed by other database vendors, such as PostgreSQL and SQLite. |
Specifically, | Specifically, | ||
Line 26: | Line 26: | ||
will make PDO consider ''"' | will make PDO consider ''"' | ||
- | We have several reports of similar bugs [[https:// | + | We have several reports of similar bugs [[https:// |
In a nutshell, the PDO SQL scanner function doesn' | In a nutshell, the PDO SQL scanner function doesn' | ||
==== Bonus improvement ==== | ==== Bonus improvement ==== | ||
- | The limitation of a global SQL parser in PDO meant that my previous [[rfc: | + | The limitation of a global SQL parser in PDO meant that my previous [[rfc: |
===== Proposal ===== | ===== Proposal ===== | ||
Line 39: | Line 39: | ||
- single and double quoted literals, with doubling as escaping mechanism | - single and double quoted literals, with doubling as escaping mechanism | ||
- two-dashes and C-style comments (non-nested, | - two-dashes and C-style comments (non-nested, | ||
- | - Add a MySQL specific scanner function: | + | - Add a MySQL-specific scanner function: |
- single and double quoted literals with both doubling and backslash as escaping mechanisms (MySQL default) | - single and double quoted literals with both doubling and backslash as escaping mechanisms (MySQL default) | ||
- backtick literals with doubling as escaping mechanism (I also tested and it seems MySQL doesn' | - backtick literals with doubling as escaping mechanism (I also tested and it seems MySQL doesn' | ||
- | - two-dashes, C-style comments, and Hash-comments, albeit I couldn' | + | - two-dashes |
- Tests, as necessary | - Tests, as necessary | ||
- | - Add a PgSQL specific scanner function: | + | - Add a PgSQL-specific scanner function: |
- single and double quoted literals, with doubling as escaping mechanism | - single and double quoted literals, with doubling as escaping mechanism | ||
- C-style " | - C-style " | ||
Line 51: | Line 51: | ||
- Support for "??" | - Support for "??" | ||
- Tests, as necessary | - Tests, as necessary | ||
- | - Add a SqLite specific scanner function: | + | - Add a SqLite-specific scanner function: |
- single, double quoted, and backtick literals, with doubling as escaping mechanism | - single, double quoted, and backtick literals, with doubling as escaping mechanism | ||
+ | - square brackets quoting for identifiers | ||
- two-dashes and C-style comments (non-nested) | - two-dashes and C-style comments (non-nested) | ||
- Tests, as necessary | - Tests, as necessary | ||
- | In order to keep the change as simple as possible, the proposal tries to cover the default SQL syntax for each database as closely as possible, without heavy changes to the common parser code. | + | To keep the change as simple as possible, the proposal tries to cover the default SQL syntax for each database as closely as possible, without heavy changes to the common parser code. |
One important thing to mention is that the proposed changes are only targeting the part of PDO that scans the SQL query for parameter placeholders. Quoting literals or using parameters in queries is **not going to be affected**. | One important thing to mention is that the proposed changes are only targeting the part of PDO that scans the SQL query for parameter placeholders. Quoting literals or using parameters in queries is **not going to be affected**. | ||
===== Detailed Proposal ===== | ===== Detailed Proposal ===== | ||
- | In order to execute the plan, a new member will be appended to: | + | To execute the plan, a new member will be appended to: |
<code c> | <code c> | ||
Line 74: | Line 75: | ||
</ | </ | ||
- | Each PDO driver defines already [[https:// | + | Each PDO driver defines already [[https:// |
- | The rest of the implementation is the actual re2c scanner code, config.*, Makefile changes, etc. required to incorporate the driver specific scanner into the build. | + | The rest of the implementation is the actual re2c scanner code, config.*, Makefile changes, etc. required to incorporate the driver-specific scanner into the build. |
+ | |||
+ | To support dollar-quoted strings on Postgres, the functionality of custom quoting has been added to the common PDO parser function. The change has no side effects for other database drivers. | ||
+ | |||
+ | One minor potential BC-break was reported while researching bug [[https:// | ||
+ | |||
+ | '' | ||
+ | |||
+ | Such BC-compatibility can be removed in the next major version. | ||
- | In order to support dollar-quoted strings on Postgres, the functionality of custom quoting has been added to the common PDO parser function. The change has no side effects for other database drivers. | ||
===== Research on String Literals, Identifiers, | ===== Research on String Literals, Identifiers, | ||
==== MySQL ==== | ==== MySQL ==== | ||
- | MySQL by default accepts both backslash escaped quotes and SQL standard. String literals can use single or double quotes. See [[https:// | + | MySQL by default accepts both backslash escaped quotes and SQL standard. String literals can use single or double quotes. See [[https:// |
The [[https:// | The [[https:// | ||
Line 91: | Line 99: | ||
Several [[https:// | Several [[https:// | ||
- | The RFC aims to support all the above kinds of string literals with string-affecting configuration variables set to their defaults. All comment types will be supported, however " | + | The RFC aims to support all the above kinds of string literals with string-affecting configuration variables set to their defaults. All comment types will be supported. |
==== PostgreSQL ==== | ==== PostgreSQL ==== | ||
- | Escaping has evolved | + | Escaping has evolved |
Postgres also supports [[https:// | Postgres also supports [[https:// | ||
Line 115: | Line 123: | ||
Follows the SQL standard, and requires double single quotes to represent the single quote in a string literal. See [[https:// | Follows the SQL standard, and requires double single quotes to represent the single quote in a string literal. See [[https:// | ||
- | It will however accept double quoted strings as string literals under [[https:// | + | It will however accept double-quoted strings as string literals under [[https:// |
Double quoted identifiers, | Double quoted identifiers, | ||
Line 121: | Line 129: | ||
Almost SQL standard [[https:// | Almost SQL standard [[https:// | ||
- | The RFC aims to support single-quoted, | + | The RFC aims to support single-quoted, |
==== SQL Server ==== | ==== SQL Server ==== | ||
Line 154: | Line 162: | ||
[[https:// | [[https:// | ||
- | Almost SQL standard [[https://www.sqlite.org/lang_comment.html|comments]]: | + | Almost SQL standard [[https://docs.oracle.com/en/ |
The OCI driver lives in PECL: the default scanner will be used by default, bringing compatibility for SQL standard string literals, identifiers, | The OCI driver lives in PECL: the default scanner will be used by default, bringing compatibility for SQL standard string literals, identifiers, | ||
Line 160: | Line 168: | ||
===== Historical Background ===== | ===== Historical Background ===== | ||
- | A few years back I attempted to fix a bug and came up with with a [[https:// | + | A few years back I attempted to fix a bug and came up with a [[https:// |
===== Backward Incompatible Changes ===== | ===== Backward Incompatible Changes ===== | ||
- | No expected | + | No BC breaks, but a deprecation notice will be raised when using the " |
Users having applications that can work with multiple database engines should still be very careful and write portable queries, possibly using the '' | Users having applications that can work with multiple database engines should still be very careful and write portable queries, possibly using the '' | ||
===== Proposed PHP Version(s) ===== | ===== Proposed PHP Version(s) ===== | ||
- | Next PHP 8.x, hopefully 8.4. | + | Next PHP 8.x, hopefully, 8.4. |
===== RFC Impact ===== | ===== RFC Impact ===== | ||
Line 175: | Line 183: | ||
==== To Existing Extensions ==== | ==== To Existing Extensions ==== | ||
- | Drivers outside of php-src might have to be modified if they make assumptions about the structure of enum pdo_param_type. They would have to be rebuilt since the PDO_DRIVER_API macro would be updated. | + | Drivers outside of php-src might have to be modified if they make assumptions about the structure of the enum pdo_param_type. They would have to be rebuilt since the PDO_DRIVER_API macro would be updated. |
That has historically been allowed/ | That has historically been allowed/ | ||
Line 199: | Line 207: | ||
The scanners are generated when PHP is compiled and, currently, cannot be modified at runtime. However, some databases allow configuration directives or '' | The scanners are generated when PHP is compiled and, currently, cannot be modified at runtime. However, some databases allow configuration directives or '' | ||
- | Being able to understand all possible combinations would require tracking what directives are different from the expected default and having | + | Being able to understand all possible combinations would require tracking what directives are different from the expected default and having |
===== Future Scope ===== | ===== Future Scope ===== | ||
Evaluate supporting " | Evaluate supporting " | ||
- | ===== Proposed | + | ===== Voting ===== |
- | As per the voting RFC a yes/no vote with a 2/3 majority is needed for this proposal to be accepted. | + | Voting will be open until Monday, 17 June 2024 at 15:00:00 UTC. As usual, |
+ | |||
+ | <doodle title=" | ||
+ | * Yes | ||
+ | * No | ||
+ | </ | ||
===== Patches and Tests ===== | ===== Patches and Tests ===== | ||
- | [[https:// | + | [[https:// |
===== References ===== | ===== References ===== |
rfc/pdo_driver_specific_parsers.1714639540.txt.gz · Last modified: 2024/05/02 08:45 by mbeccati