-
Notifications
You must be signed in to change notification settings - Fork 7.9k
Fix FR #71885 (Allow escaping question mark placeholders) #1967
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
991c794
to
507640b
Compare
2f048a6
to
c2f3696
Compare
@adambaratz @madorin is this a reasonable feature, and can you review please ? |
I had started writing an RFC, hopefully I'll complete it soon-ish. |
Okay then, can you update this with a link to the RFC when complete. |
@krakjoe sure, I will |
Looking forward to the RFC. My main interest would be in making sure there's no impact to pdo_dblib and pdo_mysql, but that doesn't seem like a problem. One question: it looks like there are a few operators in this family: Is it easy to add coverage to ensure that ?| and ?& work as expected? Though maybe this is what ext/pdo_pgsql/tests/bug71885.phpt does... having a little trouble parsing the intent of that one. |
@adambaratz the change only affects queries that contain "??" outside of strings or comments, which shouldn't be the case, as most likely it would mean illegal SQL. In fact, pdo_mysql w/o emulated prepares has the escaping disabled, as its prepared queries use "?" placeholders. Since jsonb operators have been introduced in 9.4, I used a geometrical operator ("?-") in the phpt file in order to avoid skipping the test on earlier versions. |
Is there any progress on this issue? PHP is used mostly with MySQL, but we, from the Postgres world would like to be able to use its full might ;) |
@FractalizeR not much. The day job keeps getting in the way, but I promise will be getting it ready in time for 7.2. |
Just rebased, RFC almost ready for discussion: https://wiki.php.net/rfc/pdo_escape_placeholders |
Any update on this? It has been almost a year since the last comment here. |
@enumag I know and I'm very sorry, but I'm currently not able to follow up on it due to serious lack of time... I'll see if I can manage to pick it up in the near future. Any help would be appreciated. |
All very sad. Ends 2018 and php7.2 like as, and the problem on same place, I so understand. Although the question is acute. |
@alekstar79 I wish I could do better, but alas I currently can't find the necessary time to push the RFC forward. |
Closing this due to inactivity. Please open a new PR and link to this if active work is being put back into it. |
Please SHOW the proof that it is not abandoned, where the "new PR"? PS: there are ~700 page views to here, https://stackoverflow.com/a/44991831/287948 |
@ppKrauss I aim to get it back on track for 7.4, but if someone could help with the RFC, that would be very appreciated. |
This issue is important for PostgreSQL, where JSONb (that use PS: a "parse workaround" is suggested here. |
@ppKrauss thanks for stating the obvious ;) Pressing won't magically make my spare time increase out of thin air. PS: the workaround can't use indexes, or at least it couldn't a while ago. |
Hi, how to use https://wiki.php.net/rfc/ with Github or other "de facto standard" (or OpenID) login? Seems that it is a big barrier to vote and to contribute. We can contribute here, or voting to "!!!HEY WE NEED STANDARD LOGIN!!!". |
@ppKrauss contribute to what and how? Other then "I ABSOLUTELY NEED THIS, THIS IS MORE IMPORTANT THAN ANYTHING ELSE HAPPENING IN YOUR LIFE" I see no other useful input from you. |
I'm sorry @mbeccati, all my comments are about your "Any help would be appreciated", that seems about rfc/pdo_escape_placeholders... And for me it seems an abandoned RFC: no participation. It is an old problem, participation, and PHP is losing important RFC votes/contributions. Your RFC stay as draft since 2016, no vote, no community participation: this is the main problem. PS: there is a better big picture about PHP RFC login/voting system... I can help (!) if you say objectivally how an external user (I lost my RFC password login years ago) can help. |
@ppKrauss pls stop spamming this with ramblings on the voting system. This has nothing to do with the RFC or PR at hand and you're just wasting my (and other people's) time. |
Allow the "?" pgsql json operator to be used within queries by escaping it as "??", following the SQL conventions. Escaping isn't applied in case prepares use "?" as placeholder, e.g. native MySQL.