On 17/10/14 13:20, Ulf Wendel wrote: >> users know what they are getting and where the real security holes are. > Hmm, maybe, you could make this world a better one by contributing to > improve http://php.net/manual/en/pdo.prepared-statements.php ?
PDO does not support management of SQL differences between databases. This page is a good example of where users run into problems because they have no idea if what they are copying actually works on their particular database. Does MySQL need ATTR_EMULATE_PREPARES in order to convert client side the SQL that it feeds over to the server? If I am converting from one database to another just what is actually supported and how? I don't use PDO with Firebird if I can help it but I am having to work with this where mysql hosting is the norm and PDO_mysql is an alternative that gets provided instead of mysqli. *I* have trouble sorting this stuff out so how do users who currently have working sites cope when things under the hood change perhaps without them even knowing. I can quite happily add notes as to what Firebird does with the various abstractions on that page, but what about every other PDO driver. Which emulate aspects of the prepares and which do it natively? Just what does get emulated? -- Lester Caine - G8HFL ----------------------------- Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk Rainbow Digital Media - http://rainbowdigitalmedia.co.uk -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
