On Fri, Nov 3, 2017 at 3:49 PM, Matteo Beccati <p...@beccati.com> wrote:
> Hi Scott,
>
> On 03/11/2017 16:33, Scott Arciszewski wrote:
> > 1. Which DB drivers (and which versions) support 1RT prepared statements in
> > addition to 2RT prepared statements?
> > 2. Is there a better name for this usage than safeQuery()?
> >
> > If this turns out to be a good idea, I'll write up an RFC targeting PHP 7.3.
>
> I've added a similar feature to pdo_pgsql a while ago
> (PDO::PGSQL_ATTR_DISABLE_PREPARES), which is not enabled by default.
>
> It is basically something in between real prepared statements (which is
> the default on pdo_pgsql) and emulated prepares, and it uses libpq's own
> PQexecParams function.
>
> At that time I had checked if libmysqlclient offered a similar function,
> but it didn't seem like it, so I went for the pgsql-only constant.
>
>
> Cheers
> --
> Matteo Beccati
>
> Development & Consulting - http://www.beccati.com/
>

MySQL calls it an X Protocol, apparently.

https://dev.mysql.com/doc/internals/en/x-protocol-use-cases-use-cases.html#x-protocol-use-cases-prepared-statements-with-single-round-trip

We don't want to disable prepared statements (that constant's name is somewhat scary). We don't want to emulate prepared statements (although we'll probably have to respect the current configuration).

We just need a separate method (my proposed safeQuery() being distinct from prepare()) that uses whatever that driver's single-round-trip prepare-and-execute equivalent API is. If none is available for the given driver, we need to decide whether to:

1. Throw a PDOException, or
2. Silently use two round trips in the background so it "just works" even if it's a slight performance hit

(In case it wasn't clear, I'm very much NOT a fan of emulated prepares, and in EasyDB we go out of our way to disable this feature.)

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com/>
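
The behaviour discussed in this thread, sketched in userland as an added example (not code from the thread, PDO, or EasyDB). The function `safeQuery()` and its `$strict` switch are hypothetical; it assumes PQexecParams behaviour for `PDO::PGSQL_ATTR_DISABLE_PREPARES` as described above, and it turns emulation off on a pdo_mysql handle rather than respecting the current configuration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical userland sketch of the proposed safeQuery(); PDO has no such method.
 * $strict = true  -> option 1: throw when no single-round-trip API is known.
 * $strict = false -> option 2: fall back to a real prepare + execute (two round trips).
 * In every path the parameters travel separately from the SQL text.
 */
function safeQuery(PDO $pdo, string $sql, array $params = [], bool $strict = false): array
{
    $driver = $pdo->getAttribute(PDO::ATTR_DRIVER_NAME);

    if ($driver === 'pgsql') {
        // pdo_pgsql: skip the server-side PREPARE, still bind parameters out of band.
        $stmt = $pdo->prepare($sql, [
            PDO::ATTR_EMULATE_PREPARES       => false,
            PDO::PGSQL_ATTR_DISABLE_PREPARES => true,
        ]);
    } elseif ($strict) {
        throw new PDOException("safeQuery(): no single-round-trip support for '{$driver}'");
    } else {
        if ($driver === 'mysql') {
            // pdo_mysql emulates prepares by default; this sketch disables that on the handle.
            $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
        }
        $stmt = $pdo->prepare($sql);
    }

    if ($stmt === false || $stmt->execute($params) === false) {
        throw new PDOException('safeQuery(): statement failed');
    }
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed usage against an in-memory SQLite database (takes the option 2 path).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
safeQuery($pdo, 'INSERT INTO users (name) VALUES (?)', ['alice']);

// The quote characters are bound as data, so this matches no row.
$rows = safeQuery($pdo, 'SELECT id FROM users WHERE name = ?', ["alice' OR '1'='1"]);
var_dump(count($rows));

try {
    safeQuery($pdo, 'SELECT 1', [], true); // option 1 on a driver without a 1RT path
} catch (PDOException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```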