Hi Olaf,

On Tue, 2011-03-29 at 17:43 +0200, Olaf van der Spek wrote:
> On Tue, Mar 29, 2011 at 5:09 PM, Andrew Hutchings
> <[email protected]> wrote:
> > using the prepared statement API in mysqli would probably be a
> > better/safer option.  Having a native prepared statement API in the
> > drizzle plugin would be good but we first need support for it in
> > libdrizzle (there was a blueprint for this somewhere).
> 
> Does Drizzle support prepared statements at all?

No, as I say there is a blueprint for it in libdrizzle, I guess the
closest thing in Drizzle itself is the EXECUTE() functionality which can
use user variable substitution.

MySQL has it, but I have heard from people that it isn't great (I've not
used it myself).

> With by design I mean that the 'Hello Drizzle' example should use the
> safe API. The safe case should be simpler than the unsafe case,
> instead of the other way around, like it's now.
> 
> Something like this: drizzle_query("select name from users where
> user_id = ?", $_GET['user_id']);

That is similar to the prepared statement API in PHP's mysqli which is
probably what we should aim to emulate.  We could then do true prepared
statements for a PDO module.  Hopefully we will be able to implement
something like this in Drizzle8 since libdrizzle is going through some
large changes right now.

If anyone wants to take this on feel free, I'm not going to be able to
do much coding until after the MySQL Users Conference.

Kind Regards
-- 
Andrew Hutchings - LinuxJedi - http://www.linuxjedi.co.uk/
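
Added example, not part of the original message or of the Drizzle PHP plugin: the call shape Olaf proposes (`?` placeholders plus arguments) built on a prepared-statement API, next to the string-concatenation form it is meant to replace. Assumptions: PDO with the sqlite driver and an in-memory database stand in for a Drizzle/MySQL connection, `safe_query()` is a hypothetical helper name, and the table and input value are constructed for the demonstration.

```php
<?php
// Added example: query(sql_with_placeholders, args...) on top of prepared
// statements. safe_query() is a hypothetical name, not a Drizzle or mysqli call.

function safe_query(PDO $db, string $sql, ...$params): array
{
    // The SQL text is sent to prepare() unchanged; arguments are bound
    // separately and are never spliced into the statement text.
    $stmt = $db->prepare($sql);
    foreach (array_values($params) as $i => $value) {
        $type = is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR;
        $stmt->bindValue($i + 1, $value, $type); // positions are 1-based
    }
    // With ERRMODE_EXCEPTION, a placeholder/argument count mismatch throws
    // here instead of running a partially bound query.
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Assumption: in-memory SQLite stands in for the real server connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user_id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (user_id, name) VALUES (1, 'alice'), (2, 'bob')");

// Constructed stand-in for $_GET['user_id'] carrying SQL syntax.
$user_id = "1 OR 1=1";

// Unsafe form: the request value becomes part of the SQL grammar, so the
// WHERE clause the server parses is no longer the one the developer wrote.
$unsafe = $db
    ->query("select name from users where user_id = " . $user_id)
    ->fetchAll(PDO::FETCH_COLUMN);

// Safe form, same call shape as in the thread: the value is bound as one
// datum and compared against user_id as a whole.
$safe = safe_query($db, "select name from users where user_id = ?", $user_id);

printf("concatenated: %d row(s)\n", count($unsafe));
printf("bound:        %d row(s)\n", count($safe));
```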

