rfc:pdo_escape_placeholders
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
rfc:pdo_escape_placeholders [2017/06/07 09:42] – mbeccati | rfc:pdo_escape_placeholders [2019/07/22 09:09] – Accepted nikic | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== PHP RFC: Escape PDO placeholders | + | ====== PHP RFC: Escape PDO "?" |
- | * Version: | + | * Version: 1.0 |
- | * Date: 2016-12-18 | + | * Date: 2019-05-31 |
* Author: Matteo Beccati < | * Author: Matteo Beccati < | ||
- | * Status: | + | * Status: |
* First Published at: http:// | * First Published at: http:// | ||
===== Introduction ===== | ===== Introduction ===== | ||
PostgreSQL, and possibly other databases, allow the usage of the question mark ("?" | PostgreSQL, and possibly other databases, allow the usage of the question mark ("?" | ||
- | operators that include it in their names. Most of them belong to geometric types ((https:// | + | operators that include it in their names. Most of them belong to geometric types ((https:// |
===== Proposal ===== | ===== Proposal ===== | ||
- | Improve the PDO SQL parser so that question marks can be escaped by doubling them, similarly to what the SQL standard does with single quotes within string literals, which is also the same behaviour implemented in JDBC ((https:// | + | Improve the PDO SQL parser so that question marks can be escaped by doubling them, similarly to what the SQL standard does with single quotes within string literals, which is also the same behaviour implemented in JDBC ((https:// |
+ | For example it would be possible to do the following: | ||
+ | <code php> | ||
+ | $stmt = $pdo-> | ||
+ | $stmt-> | ||
+ | </ | ||
+ | |||
+ | which would effectively run the following query: | ||
+ | |||
+ | <code sql> | ||
+ | SELECT * FROM tbl WHERE json_col ? ' | ||
+ | </ | ||
===== Backward Incompatible Changes ===== | ===== Backward Incompatible Changes ===== | ||
- | What breaks, and what is the justification for it? | + | The parsing of the "??" |
+ | |||
+ | The only exception to that is that Postgres (and possibly other RDMSs) allows | ||
+ | |||
+ | Since the change affects the PDO SQL parser, all the drivers could potentially use escaping, unless they use the "?" | ||
===== Proposed PHP Version(s) ===== | ===== Proposed PHP Version(s) ===== | ||
- | List the proposed PHP versions that the feature will be included in. Use relative versions such as " | + | Next PHP 7.x, which is 7.4. |
===== RFC Impact ===== | ===== RFC Impact ===== | ||
Line 25: | Line 40: | ||
==== To Existing Extensions ==== | ==== To Existing Extensions ==== | ||
- | All PDO drivers will be somehow affected | + | All PDO drivers will be saffected |
==== To Opcache ==== | ==== To Opcache ==== | ||
Line 31: | Line 46: | ||
===== Open Issues ===== | ===== Open Issues ===== | ||
- | Make sure there are no open issues when the vote starts! | + | None. |
- | ===== Unaffected PHP Functionality | + | ===== Alternative proposals |
- | List existing areas/ | + | |
- | This helps avoid any ambiguity, shows that you have thought deeply about the RFC's impact, and helps reduces mail list noise. | + | ==== Why not \? ==== |
+ | That was my first idea, but backslash is the escaping symbol for strings themselves, which was potentially making eventual escaping quite confusing: in order to send a backslash followed by a positional parameter placeholder one would have to write " | ||
- | ===== Future Scope ===== | + | ==== New PDO Flags ==== |
- | This sections details areas where the feature might be improved in future, but that are not currently proposed in this RFC. | + | It had been proposed to add some flags to enable/ |
- | ===== Proposed Voting Choices ===== | + | ==== Custom placeholder styles for drivers |
- | Include these so readers know where you are heading and can discuss | + | Another suggestion was to use different styles for placeholders to match the database driver in use, which to me seems a huge step backwards. |
- | State whether this project requires a 2/3 or 50%+1 majority (see [[voting]]) | + | ===== Unaffected PHP Functionality ===== |
+ | Everything not PDO. | ||
- | ===== Patches and Tests ===== | + | ===== Vote ===== |
- | Links to any external patches and tests go here. | + | Started 7th July 2019. Ends 22nd July 2019 |
+ | <doodle title=" | ||
+ | * Yes | ||
+ | * No | ||
+ | </ | ||
- | If there is no patch, make it clear who will create | + | ===== Proposed Voting Choices ===== |
+ | This RFC requires | ||
- | Make it clear if the patch is intended to be the final patch, or is just a prototype. | + | ===== Patches and Tests ===== |
- | + | [[https:// | |
- | For changes affecting the core language, you should also provide a patch for the language specification. | + | |
- | + | ||
- | ===== Implementation | + | |
- | After the project is implemented, | + | |
- | - the version(s) it was merged to | + | |
- | - a link to the git commit(s) | + | |
- | - a link to the PHP manual entry for the feature | + | |
- | | + | |
===== References ===== | ===== References ===== | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
- | |||
- | ===== Rejected Features ===== | ||
- | Keep this updated with features that were discussed on the mail lists. |
rfc/pdo_escape_placeholders.txt · Last modified: 2020/08/01 23:55 by carusogabriel