On 24/10/16 21:16, Adam Baratz wrote:
>> I've created an RFC to make it easier to work with emulated prepared
>> statements:
>> https://wiki.php.net/rfc/debugging_pdo_prepared_statement_emulation
>>
> Does anyone have feedback?

Since PDO is an interface to third party databases this seems totally
out of place in PHP. Prepared statements are a sensible mechanism for
anyone wanting secure access to those databases, so what is the point
of this code? The emulated versions simply replace parameters with raw
data so database engines that don't have parameters get simple SQL
statements which can be directly viewed. You do not need any code to
create virtual parameters that are useless in the wire connection to the
database anyway.

Older mysql did not have prepared queries hence the default of
converting the more secure SQL into something old mysql could handle. I
presume that dblib has the same fundamental problem? But mssql has
prepared statements so dblib SHOULD provide that interface?

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
