I am a member of the monday morning murder association. I murdered bugs. As said earlier, the modification of PDO_MYSQL to support both the MySQL native driver for PHP (mysqlnd) and the MySQL Client Library (AKA libmysql) is progressing. A good number of known and unknown bugs has been killed. But some new have been found as well - an overview.

(...)
Read the rest of PDO_MYSQLND: Monday morning murders (754 words)

I am a member of the monday morning murder association. I murdered bugs. As said earlier, the modification of PDO_MYSQL to support both the MySQL native driver for PHP (mysqlnd) and the MySQL Client Library (AKA libmysql) is progressing. A good number of known and unknown bugs has been killed. But some new have been found as well - an overview.

Please note that the status information is based on Linux 32bit and Linux 64bit testing only. We still have not done cross-platform testing recently. I spend too much time with blogging Also, I have not included some PDO_MYSQL feature requests such as the support of cursor attributes. Technically it should be possible to implement but we will focus on making "release ready" what we have today before we consider adding new features.

The following list is not ordered. Bugs have not been assigned a priority and/or severity. Its a “status quo” description that needs to be read with care. …

MySQLs multiple-queries feature makes it possible to run two or more SQL commands with one function call: SQL injections made easy. The PDO design is said to be optimized for security. For security reasons PDO has gone the stony road of prepared statements. If security matters, why does PDO_MYSQL explicitly enable multiple-queries? If portability matters, why do you use a MySQL specific feature?

Mighty multiple-queries feature: performance

Multi-statement is yet another example of how optimization works: trade in one feature (security) for another (performance). Sending several SQL command with one function call saves communication round-trips. You need only one round-trip for executing n > 1 SQL …

MySQLs multiple-queries feature makes it possible to run two or more SQL commands with one function call: SQL injections made easy. The PDO design is said to be optimized for security. For security reasons PDO has gone the stony road of prepared statements. If security matters, why does PDO_MYSQL explicitly enable multiple-queries? If portability matters, why do you use a MySQL specific feature?

Mighty multiple-queries feature: performance

Multi-statement is yet another example of how optimization works: trade in one feature (security) for another (performance). Sending several SQL command with one function call saves communication round-trips. You need only one round-trip for executing n > 1 SQL …

MySQLs multiple-queries feature makes it possible to run two or more SQL commands with one function call: SQL injections made easy. The PDO design is said to be optimized for security. For security reasons PDO has gone the stony road of prepared statements. If security matters, why does PDO_MYSQL explicitly enable multiple-queries? If portability matters, why do you use a MySQL specific feature?

Mighty multiple-queries feature: performance

Multi-statement is yet another example of how optimization works: trade in one feature (security) for another (performance). Sending several SQL command with one function call saves communication round-trips. You need only one round-trip for executing n > 1 SQL …

The PDO SQL parser causes many bugs. All drivers suffer from it. By default the parser replaces placeholder with '<bound_value>'.'<bound_value>' is a string. This can clash with the SQL syntax. PDO can make an INSERT fail. Please learn why and stop reporting bogus bugs.

Why does PDO parse my SQL commands?

PDO has chosen Prepared Statements as its preferred way of running database queries. The entire API is build around prepared statements. Wez has explained that primarily security considerations have caused this decision. Read PDO_MYSQLND: Prepared Statements, again for a discussion of prepared statements in the context of PDO.

Not every database system supports prepared statements. And those who do use a different syntax for placeholder. Some systems support …

The PDO SQL parser causes many bugs. All drivers suffer from it. By default the parser replaces placeholder with '<bound_value>'.'<bound_value>' is a string. This can clash with the SQL syntax. PDO can make an INSERT fail. Please learn why and stop reporting bogus bugs.

Why does PDO parse my SQL commands?

PDO has chosen Prepared Statements as its preferred way of running database queries. The entire API is build around prepared statements. Wez has explained that primarily security considerations have caused this decision. Read PDO_MYSQLND: Prepared Statements, again for a discussion of prepared statements in the context of PDO.

Not every database system supports prepared statements. And those who do use a different syntax for placeholder. Some systems support …

The PDO SQL parser causes many bugs. All drivers suffer from it. By default the parser replaces placeholder with '<bound_value>'.'<bound_value>' is a string. This can clash with the SQL syntax. PDO can make an INSERT fail. Please learn why and stop reporting bogus bugs.

Why does PDO parse my SQL commands?

PDO has chosen Prepared Statements as its preferred way of running database queries. The entire API is build around prepared statements. Wez has explained that primarily security considerations have caused this decision. Read PDO_MYSQLND: Prepared Statements, again for a discussion of prepared statements in the context of PDO.

Not every database system supports prepared statements. And those who do use a different syntax for placeholder. Some systems support …

Mike is asking I`m hoping that MySQL stored procedures will work properly. Especially multiple calls in one request. in reply to PDO_MYSQLND: R[a|u]mbling and a breeze of progress. Mike, it depends what you mean by "properly". If you use the API properly it works fine with mysqlnd. Read on for code examples.

Mike is asking I`m hoping that MySQL stored procedures will work properly. Especially multiple calls in one request. in reply to PDO_MYSQLND: R[a|u]mbling and a breeze of progress. Mike, it depends what you mean by "properly". If you use the API properly it works fine with mysqlnd. Read on for code examples.