Hi Kamil,

On 18/12/2025 22:03, Kamil Tekiela wrote:
> Hello,
>
> I would like to open a discussion about adding a new function to PHP
>
> https://wiki.php.net/rfc/mysqli_quote_string
>
> Would you support such an addition?

I agree with you and I prefer PDO::quote()'s behaviour over the "old" non-PDO quote functions.

However, I also think that manually interpolating parameters is not a best practice that we should encourage: query parameters are a much better defence against SQL injections.

Also I'm afraid that offering two alternatives would increase the confusion, especially if this new function is added only to mysqli and not other prominent database extensions.


Cheers
--
Matteo
