rfc:pdo_escape_placeholders
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
rfc:pdo_escape_placeholders [2016/12/18 15:57] – created mbeccati | rfc:pdo_escape_placeholders [2020/08/01 23:55] (current) – RFC was implemented carusogabriel | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== PHP RFC: Escape PDO placeholders | + | ====== PHP RFC: Escape PDO "?" |
- | * Version: | + | * Version: 1.0 |
- | * Date: 2016-12-18 | + | * Date: 2019-05-31 |
* Author: Matteo Beccati < | * Author: Matteo Beccati < | ||
- | * Status: | + | * Status: |
* First Published at: http:// | * First Published at: http:// | ||
+ | * Targets: PHP 7.4 | ||
===== Introduction ===== | ===== Introduction ===== | ||
PostgreSQL, and possibly other databases, allow the usage of the question mark ("?" | PostgreSQL, and possibly other databases, allow the usage of the question mark ("?" | ||
- | operators that include it in their names. Most of them belong to geometric types, but 3 of them apply to the //jsonb// type, which has been introduced in Postgres 9.4 and has a much wider and growing audience. Unfortunately it is impossible to use them with the PDO extension, due to a clash with the positional placeholder, | + | operators that include it in their names. Most of them belong to geometric types ((https:// |
===== Proposal ===== | ===== Proposal ===== | ||
- | Improve the PDO SQL parser so that question marks can be escaped by doubling them, in order to follow | + | Improve the PDO SQL parser so that question marks can be escaped by doubling them, similarly |
+ | For example it would be possible to do the following: | ||
+ | <code php> | ||
+ | $stmt = $pdo-> | ||
+ | $stmt-> | ||
+ | </ | ||
- | To [[http:// | + | which would effectively run the following query: |
- | for inclusion in one of the world' | + | |
- | Remember that the RFC contents should be easily reusable in the PHP Documentation. | + | <code sql> |
- | + | SELECT * FROM tbl WHERE json_col ? ' | |
- | If applicable, you may wish to use the language specification as a reference. | + | </ |
===== Backward Incompatible Changes ===== | ===== Backward Incompatible Changes ===== | ||
- | What breaks, and what is the justification for it? | + | The parsing of the "??" |
+ | |||
+ | The only exception to that is that Postgres (and possibly other RDMSs) allows | ||
+ | |||
+ | Since the change affects the PDO SQL parser, all the drivers could potentially use escaping, unless they use the "?" | ||
===== Proposed PHP Version(s) ===== | ===== Proposed PHP Version(s) ===== | ||
- | List the proposed PHP versions that the feature will be included in. Use relative versions such as " | + | Next PHP 7.x, which is 7.4. |
===== RFC Impact ===== | ===== RFC Impact ===== | ||
Line 32: | Line 41: | ||
==== To Existing Extensions ==== | ==== To Existing Extensions ==== | ||
- | All PDO drivers will be somehow affected | + | All PDO drivers will be saffected |
==== To Opcache ==== | ==== To Opcache ==== | ||
Line 38: | Line 47: | ||
===== Open Issues ===== | ===== Open Issues ===== | ||
- | Make sure there are no open issues when the vote starts! | + | None. |
- | ===== Unaffected PHP Functionality | + | ===== Alternative proposals |
- | List existing areas/ | + | |
- | This helps avoid any ambiguity, shows that you have thought deeply about the RFC's impact, and helps reduces mail list noise. | + | ==== Why not \? ==== |
+ | That was my first idea, but backslash is the escaping symbol for strings themselves, which was potentially making eventual escaping quite confusing: in order to send a backslash followed by a positional parameter placeholder one would have to write " | ||
- | ===== Future Scope ===== | + | ==== New PDO Flags ==== |
- | This sections details areas where the feature might be improved in future, but that are not currently proposed in this RFC. | + | It had been proposed to add some flags to enable/ |
- | ===== Proposed Voting Choices ===== | + | ==== Custom placeholder styles for drivers |
- | Include these so readers know where you are heading and can discuss | + | Another suggestion was to use different styles for placeholders to match the database driver in use, which to me seems a huge step backwards. |
- | State whether this project requires a 2/3 or 50%+1 majority (see [[voting]]) | + | ===== Unaffected PHP Functionality ===== |
+ | Everything not PDO. | ||
- | ===== Patches and Tests ===== | + | ===== Vote ===== |
- | Links to any external patches and tests go here. | + | Started 7th July 2019. Ends 22nd July 2019 |
+ | <doodle title=" | ||
+ | * Yes | ||
+ | * No | ||
+ | </ | ||
- | If there is no patch, make it clear who will create | + | ===== Proposed Voting Choices ===== |
+ | This RFC requires | ||
- | Make it clear if the patch is intended to be the final patch, or is just a prototype. | + | ===== Patches and Tests ===== |
- | + | [[https:// | |
- | For changes affecting the core language, you should also provide a patch for the language specification. | + | |
- | + | ||
- | ===== Implementation | + | |
- | After the project is implemented, | + | |
- | - the version(s) it was merged to | + | |
- | - a link to the git commit(s) | + | |
- | - a link to the PHP manual entry for the feature | + | |
- | | + | |
===== References ===== | ===== References ===== | ||
- | Links to external references, discussions or RFCs | + | * [[https:// |
+ | * [[https:// | ||
- | ===== Rejected Features ===== | ||
- | Keep this updated with features that were discussed on the mail lists. |
rfc/pdo_escape_placeholders.1482076650.txt.gz · Last modified: 2017/09/22 13:28 (external edit)