rfc:pdo_escape_placeholders

This is an old revision of the document!

PHP RFC: Escape PDO placeholders

Introduction

PostgreSQL, and possibly other databases, allow the usage of the question mark (“?”) character in operators, either alone or part of a multi-character operator. In fact, as of today, core Postgres currently has 21 operators that include it in their names. Most of them belong to geometric types 1), but 3 of them apply to the jsonb type 2), which has been introduced in Postgres 9.4 and has a much wider and growing audience. Unfortunately it is impossible to use them with the PDO extension, due to a clash with the positional placeholder, which can't currently be escaped, nor disabled.

Proposal

Improve the PDO SQL parser so that question marks can be escaped by doubling them, similarly to what the SQL standard does with single quotes within string literals, which is also the same behaviour implemented in JDBC 3).

Backward Incompatible Changes

What breaks, and what is the justification for it?

Proposed PHP Version(s)

List the proposed PHP versions that the feature will be included in. Use relative versions such as “next PHP 7.x” or “next PHP 7.x.y”.

RFC Impact

To SAPIs

No impact.

To Existing Extensions

All PDO drivers will be somehow affected by the change, but there is no API change.

To Opcache

No impact.

Open Issues

Make sure there are no open issues when the vote starts!

Unaffected PHP Functionality

List existing areas/features of PHP that will not be changed by the RFC.

This helps avoid any ambiguity, shows that you have thought deeply about the RFC's impact, and helps reduces mail list noise.

Future Scope

This sections details areas where the feature might be improved in future, but that are not currently proposed in this RFC.

Proposed Voting Choices

Include these so readers know where you are heading and can discuss the proposed voting options.

State whether this project requires a 2/3 or 50%+1 majority (see voting)

Patches and Tests

Links to any external patches and tests go here.

If there is no patch, make it clear who will create a patch, or whether a volunteer to help with implementation is needed.

Make it clear if the patch is intended to be the final patch, or is just a prototype.

For changes affecting the core language, you should also provide a patch for the language specification.

Implementation

After the project is implemented, this section should contain

  1. the version(s) it was merged to
  2. a link to the git commit(s)
  3. a link to the PHP manual entry for the feature
  4. a link to the language specification section (if any)

References

Rejected Features

Keep this updated with features that were discussed on the mail lists.

1)
https://www.postgresql.org/docs/10/static/functions-geometry.html#functions-geometry-op-table
2)
https://www.postgresql.org/docs/10/static/functions-json.html#functions-jsonb-op-table
3)
https://jdbc.postgresql.org/documentation/head/statement.html
rfc/pdo_escape_placeholders.1496828550.txt.gz · Last modified: 2017/09/22 13:28 (external edit)

Page Tools



Table of Contents