Fixes the special characters in bindParam for PDO #224
return ':' . md5($name);
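Review bot: On the `return ':' . md5($name);` line, the returned placeholder carries no trace of `$name`, so a reader of the prepared statement cannot tell which field a placeholder binds. Add a comment explaining why the name is hashed and whether this applies to every name or only to names with special characters, and consider keeping names that are already valid placeholders unchanged.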
For instance, a field name
Looks good; I've provided a little feedback on a few readability changes, but otherwise, ready to merge!
@webimpress It's not considered a best practice to use these characters in a bind param name. Why do you want to allow a bad practice in our code base? Moreover, it will introduce high CPU usage, with preg_replace() + md5() execution for each param in SQL statements. This is not a reliable solution.
Automatically changing anything in the query will make it very difficult to debug at database level. A common debugging procedure is looking through database logs, in SqlServer watching through real time activity monitor. Then, copy those queries and search for them in the codebase. Changing the names will no longer match logged queries with what's in code.
I think instead should do validation for special chars at the same place you tried md5() and throw
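The two approaches discussed in this thread, side by side, as an added example that is not the project's own code: hashing the name into a placeholder versus validating it and throwing. The function names, the exception type and the sample field names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers, not part of the project under discussion.

/** Approach from the pull request: derive an opaque placeholder from any name. */
function hashedPlaceholder(string $name): string
{
    // The hex digest is always a valid placeholder, but the original name is lost.
    return ':' . md5($name);
}

/** Alternative raised in review: accept only plain names, otherwise throw. */
function validatedPlaceholder(string $name): string
{
    // PDO's SQL scanner only recognises [a-zA-Z0-9_] after the colon.
    if (preg_match('/\A[a-zA-Z0-9_]+\z/', $name) !== 1) {
        throw new InvalidArgumentException(
            sprintf('Invalid bind parameter name "%s"', $name)
        );
    }
    return ':' . $name;
}

// Constructed sample names; the second and third contain special characters.
foreach (['user_id', 'user-id', 'price (EUR)'] as $name) {
    try {
        $validated = validatedPlaceholder($name);
    } catch (InvalidArgumentException $e) {
        $validated = 'rejected: ' . $e->getMessage();
    }
    printf(
        "%-12s hashed=%s validated=%s\n",
        $name,
        hashedPlaceholder($name),
        $validated
    );
}
```

With validation, the placeholder that reaches the database log is the same string that appears in the code; with hashing, the logged placeholder can only be matched back by recomputing the digest.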