I'm not arguing if there weren't reasons for implementing it this way.
 I am arguing if they are good enough reasons to justify the security
impact.  It's not my decision (and I respect that), but I would stress
that what PDO is doing is not prepared statements or even
parameterized queries, and as such does not have the same benefits of
using true prepared statements (and perhaps the documentation needs to
be updated to reflect that).

Anthony

On Sat, Apr 30, 2011 at 2:37 PM, Rasmus Lerdorf <ras...@lerdorf.com> wrote:
> On 04/30/2011 11:10 AM, Ferenc Kovacs wrote:
>
>> with 5.0 EOL-ed for some time, and even the debian stable is running
>> 5.1, I wonder how many of our users run 5.0.
>
> I'm not disagreeing, I just don't agree it is a bug against 5.3. There were
> good reasons for the default at the time 5.3 was released. For 5.4 it is
> probably time to switch it.
>
> -Rasmus
>

-- 
PHP Internals - PHP Runtime Development Mailing List