Hey Larry,

On 17/04/2024 16:51, Larry Garfield wrote:
> This all seems logical, but having separate parsers would mean that the SQL strings are no longer portable, yes? E.g., many frameworks and CMSes try to (claim to) support multiple DBs transparently. (MySQL and Postgres and SQLite, usually). Some even recommend using SQLite for testing, but MySQL for prod. This change would break that, wouldn't it? Because the escaping would necessarily be different for MySQL and SQLite, and thus the queries would break on one or the other?

Nope. If you hardcode strings in your SQL, then it's your responsibility to write them with the correct syntax.
For example a `SELECT "foo"` will work on MySQL, but not on Postgres already, and this RFC won't change that.
Likewise, when using single quotes, `SELECT '\\'` will get you a single backslash on MySQL right now, but two backslashes on Postgres, regardless of this RFC.
The only proper way to safely hardcode literals is to use the `PDO::quote` method, which will take care of all the required escaping (and charset stuff), according to the connected database. But then again, most likely using parameters would be best in many circumstances.
As for recommending testing on SQLite when production is on MySQL, I've always found that to be a (huge) foot gun. Of course YMMV ;-)
Cheers
--
Matteo Beccati
Development & Consulting - http://www.beccati.com/
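
The three ways of getting a string into a query that the message above contrasts, as an added example that is not part of the original message or of the RFC: a hardcoded literal, `PDO::quote`, and a bound parameter. It assumes the `pdo_sqlite` extension is loaded and uses an in-memory SQLite database so it runs offline; the sample value is constructed.

```php
<?php
declare(strict_types=1);

// Assumption: pdo_sqlite is available; an in-memory database keeps the example offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// 1. The hardcoded literal from the message. A nowdoc is used so that PHP itself
//    does not interpret the backslashes before the database sees them.
$hardcoded = <<<'SQL'
SELECT '\\'
SQL;
$fromLiteral = (string) $pdo->query($hardcoded)->fetchColumn();
// SQLite string literals have no backslash escapes, so the result depends on
// the database's own rules, not on anything PDO does.
printf("hardcoded literal: %s (%d chars)\n", $fromLiteral, strlen($fromLiteral));

// Constructed sample value containing both a single quote and a backslash.
$value = "O'Reilly \\ Sons";

// 2. PDO::quote() escapes according to the connected driver and adds the
//    surrounding quotes, so the literal is valid for this database.
$quoted   = $pdo->quote($value);
$viaQuote = $pdo->query("SELECT $quoted")->fetchColumn();
printf("PDO::quote produced: %s\n", $quoted);

// 3. A bound parameter never becomes part of the SQL text, so no
//    dialect-specific escaping is involved at all.
$stmt = $pdo->prepare('SELECT ?');
$stmt->execute([$value]);
$viaParam = $stmt->fetchColumn();

// Both driver-aware paths must return the original value unchanged.
printf("quote() round-trips:   %s\n", var_export($viaQuote === $value, true));
printf("bound param round-trips: %s\n", var_export($viaParam === $value, true));
```

Pointing the same script at a MySQL or PostgreSQL DSN changes what step 1 returns and what `PDO::quote` emits, while steps 2 and 3 still round-trip the value.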