On Tue, Mar 29, 2011 at 7:15 PM, Andrew Hutchings
<[email protected]> wrote:
>> Does Drizzle support prepared statements at all?
>
> No, as I say there is a blueprint for it in libdrizzle, I guess the
As you said libdrizzle, I assumed it was already in drizzle itself.
>> With by design I mean that the 'Hello Drizzle' example should use the
>> safe API. The safe case should be simpler than the unsafe case,
>> instead of the other way around, like it's now.
>>
>> Something like this: drizzle_query("select name from users where
>> user_id = ?", $_GET['user_id']);
>
> That is similar to the prepared statement API in PHP's mysqli which is
> probably what we should aim to emulate. We could then do true prepared
> statements for a PDO module. Hopefully we will be able to implement
> something like this in Drizzle8 since libdrizzle is going through some
> large changes right now.
>
> If anyone wants to take this on feel free, I'm not going to be able to
> do much coding until after the MySQL Users Conference.
The syntax is similar, but there's no reason to use (or wait on)
prepared statements to solve this safety issue.
--
Olaf
_______________________________________________
Mailing list: https://launchpad.net/~drizzle-discuss
Post to : [email protected]
Unsubscribe : https://launchpad.net/~drizzle-discuss
More help : https://help.launchpad.net/ListHelp
