Skip to content

Fix FR #71885 (Allow escaping question mark placeholders) #1967

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from

Conversation

mbeccati
Copy link
Contributor

@mbeccati mbeccati commented Jun 29, 2016

Allow the "?" pgsql json operator to be used within queries by escaping it as "??", following the SQL conventions. Escaping isn't applied in case prepares use "?" as placeholder, e.g. native MySQL.

@mbeccati mbeccati force-pushed the fr71885 branch 4 times, most recently from 991c794 to 507640b Compare June 30, 2016 08:52
@mbeccati mbeccati force-pushed the fr71885 branch 2 times, most recently from 2f048a6 to c2f3696 Compare December 18, 2016 12:15
@krakjoe
Copy link
Member

krakjoe commented Jan 7, 2017

@adambaratz @madorin is this a reasonable feature, and can you review please ?

@mbeccati
Copy link
Contributor Author

mbeccati commented Jan 7, 2017

I had started writing an RFC, hopefully I'll complete it soon-ish.

@krakjoe
Copy link
Member

krakjoe commented Jan 7, 2017

Okay then, can you update this with a link to the RFC when complete.

@krakjoe krakjoe added RFC and removed Feature labels Jan 7, 2017
@mbeccati
Copy link
Contributor Author

mbeccati commented Jan 7, 2017

@krakjoe sure, I will

@adambaratz
Copy link
Contributor

Looking forward to the RFC. My main interest would be in making sure there's no impact to pdo_dblib and pdo_mysql, but that doesn't seem like a problem.

One question: it looks like there are a few operators in this family:
https://www.postgresql.org/docs/9.4/static/functions-json.html

Is it easy to add coverage to ensure that ?| and ?& work as expected? Though maybe this is what ext/pdo_pgsql/tests/bug71885.phpt does... having a little trouble parsing the intent of that one.

@mbeccati
Copy link
Contributor Author

mbeccati commented Jan 9, 2017

@adambaratz the change only affects queries that contain "??" outside of strings or comments, which shouldn't be the case, as most likely it would mean illegal SQL. In fact, pdo_mysql w/o emulated prepares has the escaping disabled, as its prepared queries use "?" placeholders.

Since jsonb operators have been introduced in 9.4, I used a geometrical operator ("?-") in the phpt file in order to avoid skipping the test on earlier versions.

@FractalizeR
Copy link

Is there any progress on this issue? PHP is used mostly with MySQL, but we, from the Postgres world would like to be able to use its full might ;)

@mbeccati
Copy link
Contributor Author

mbeccati commented Feb 9, 2017

@FractalizeR not much. The day job keeps getting in the way, but I promise will be getting it ready in time for 7.2.

@mbeccati
Copy link
Contributor Author

mbeccati commented Jun 7, 2017

Just rebased, RFC almost ready for discussion: https://wiki.php.net/rfc/pdo_escape_placeholders

@enumag
Copy link

enumag commented May 23, 2018

Any update on this? It has been almost a year since the last comment here.

@mbeccati
Copy link
Contributor Author

@enumag I know and I'm very sorry, but I'm currently not able to follow up on it due to serious lack of time... I'll see if I can manage to pick it up in the near future. Any help would be appreciated.

@alekstar79
Copy link

All very sad. Ends 2018 and php7.2 like as, and the problem on same place, I so understand. Although the question is acute.

@mbeccati
Copy link
Contributor Author

@alekstar79 I wish I could do better, but alas I currently can't find the necessary time to push the RFC forward.

@KalleZ
Copy link
Member

KalleZ commented Mar 2, 2019

Closing this due to inactivity. Please open a new PR and link to this if active work is being put back into it.

@KalleZ KalleZ closed this Mar 2, 2019
@ppKrauss
Copy link

ppKrauss commented May 2, 2019

Please SHOW the proof that it is not abandoned, where the "new PR"?
Please a link.

PS: there are ~700 page views to here, https://stackoverflow.com/a/44991831/287948

@mbeccati
Copy link
Contributor Author

mbeccati commented May 2, 2019

@ppKrauss I aim to get it back on track for 7.4, but if someone could help with the RFC, that would be very appreciated.

@ppKrauss
Copy link

ppKrauss commented May 2, 2019

This issue is important for PostgreSQL, where JSONb (that use ?, ?| and ?& operators) is a first-class citizen.

PS: a "parse workaround" is suggested here.

@mbeccati
Copy link
Contributor Author

mbeccati commented May 2, 2019

@ppKrauss thanks for stating the obvious ;) Pressing won't magically make my spare time increase out of thin air.

PS: the workaround can't use indexes, or at least it couldn't a while ago.

@ppKrauss
Copy link

ppKrauss commented May 2, 2019

Hi, how to use https://wiki.php.net/rfc/ with Github or other "de facto standard" (or OpenID) login? Seems that it is a big barrier to vote and to contribute. We can contribute here, or voting to "!!!HEY WE NEED STANDARD LOGIN!!!".

@mbeccati
Copy link
Contributor Author

mbeccati commented May 2, 2019

@ppKrauss contribute to what and how? Other then "I ABSOLUTELY NEED THIS, THIS IS MORE IMPORTANT THAN ANYTHING ELSE HAPPENING IN YOUR LIFE" I see no other useful input from you.

@ppKrauss
Copy link

ppKrauss commented May 2, 2019

I'm sorry @mbeccati, all my comments are about your "Any help would be appreciated", that seems about rfc/pdo_escape_placeholders... And for me it seems an abandoned RFC: no participation. It is an old problem, participation, and PHP is losing important RFC votes/contributions.

Your RFC stay as draft since 2016, no vote, no community participation: this is the main problem.

PS: there is a better big picture about PHP RFC login/voting system... I can help (!) if you say objectivally how an external user (I lost my RFC password login years ago) can help.

@mbeccati
Copy link
Contributor Author

mbeccati commented May 2, 2019

@ppKrauss pls stop spamming this with ramblings on the voting system. This has nothing to do with the RFC or PR at hand and you're just wasting my (and other people's) time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

9 participants