rfc:pdo_escape_placeholders

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Last revisionBoth sides next revision
rfc:pdo_escape_placeholders [2017/06/07 10:53] mbeccatirfc:pdo_escape_placeholders [2019/08/10 23:19] derick
Line 1: Line 1:
 ====== PHP RFC: Escape PDO "?" parameter placeholder ====== ====== PHP RFC: Escape PDO "?" parameter placeholder ======
-  * Version: 0.+  * Version: 1.0 
-  * Date: 2016-12-18+  * Date: 2019-05-31
   * Author: Matteo Beccati <mbeccati@php.net>   * Author: Matteo Beccati <mbeccati@php.net>
-  * Status: Pre-Draft+  * Status: Accepted
   * First Published at: http://wiki.php.net/rfc/pdo_escape_placeholders   * First Published at: http://wiki.php.net/rfc/pdo_escape_placeholders
 +  * Targets: PHP 7.4
  
 ===== Introduction ===== ===== Introduction =====
Line 33: Line 34:
  
 ===== Proposed PHP Version(s) ===== ===== Proposed PHP Version(s) =====
-Next PHP 7.x, which is 7.2.+Next PHP 7.x, which is 7.4.
  
 ===== RFC Impact ===== ===== RFC Impact =====
Line 49: Line 50:
  
 ===== Alternative proposals ===== ===== Alternative proposals =====
 +
 +==== Why not \? ====
 +That was my first idea, but backslash is the escaping symbol for strings themselves, which was potentially making eventual escaping quite confusing: in order to send a backslash followed by a positional parameter placeholder one would have to write "\\\?" or "\\\\?", as "\\?" is in fact equivalent to "\?".
 +
 +==== New PDO Flags ====
 It had been proposed to add some flags to enable/disable usage of positional and/or named PDO parameter placeholders. After some evaluation, I've discarded it as I would find them unpractical to use (e.g. set the flag, execute, restore previous flags), potentially harmful for any code that follows (e.g. flags not reset after catching an exception), if at all a viable option for users of ORM or abstraction libraries. It had been proposed to add some flags to enable/disable usage of positional and/or named PDO parameter placeholders. After some evaluation, I've discarded it as I would find them unpractical to use (e.g. set the flag, execute, restore previous flags), potentially harmful for any code that follows (e.g. flags not reset after catching an exception), if at all a viable option for users of ORM or abstraction libraries.
  
-Likewise, using different styles for placeholders to match the database engine in use seems a huge step backwards.+==== Custom placeholder styles for drivers ==== 
 +Another suggestion was to use different styles for placeholders to match the database driver in use, which to me seems a huge step backwards.
  
 ===== Unaffected PHP Functionality ===== ===== Unaffected PHP Functionality =====
 Everything not PDO. Everything not PDO.
  
-===== Future Scope ===== +===== Vote ===== 
-This sections details areas where the feature might be improved in future, but that are not currently proposed in this RFC.+Started 7th July 2019Ends 22nd July 2019 
 +<doodle title="Add ?? as a way to escape ? in PDO parametrised queries?" auth="mbeccati" voteType="single" closed="true"> 
 +   * Yes 
 +   * No 
 +</doodle>
  
 ===== Proposed Voting Choices ===== ===== Proposed Voting Choices =====
-Since there is no language change, this RFC requires a 50%+1 majority+This RFC requires a 2/3 majority
  
 ===== Patches and Tests ===== ===== Patches and Tests =====
-[[https://github.com/php/php-src/pull/1967]]+[[https://github.com/php/php-src/pull/4217]]
  
 ===== References ===== ===== References =====
-[[https://externals.io/thread/81#email-10436]]+  * [[https://bugs.php.net/bug.php?id=71885]] (Feature request) 
 +  * [[https://github.com/php/php-src/pull/1967]] (Original PR)
  
rfc/pdo_escape_placeholders.txt · Last modified: 2020/08/01 23:55 by carusogabriel