photodude
20 Jul 2016

I was reading about pg_query() and learned that it's preferred to use pg_query_params() since 7.4.

The pg_query() manual page and pg_query_params() manual page list more reasons why pg_query_params() is preferred.

I don't know much about the technical details here, or what would be needed for implementation. This is just something that I came across while reading about the pg_query() function.

photodude - open - 20 Jul 2016
brianteeman - change - 20 Jul 2016
Category Postgresql
brianteeman - change - 20 Jul 2016
Title
Suggestion replace pg_query() with the preferred pg_query_params()
mbabker - comment - 20 Jul 2016

You actually want prepared statement support, which neither of those functions supports. joomla-framework/database#39 is me trying to do that on the Framework code.

photodude - change - 20 Jul 2016
The description was changed
photodude - comment - 20 Jul 2016

I agree a prepared statement is much better.

Doing a quick search in the CMS code, it looks like there are 2 uses of pg_query() in joomla-cms/libraries/joomla/database/driver/postgresql.php

Do you think these could be converted to pg_query_params()?

Additionally, HHVM throws a notice on these: "pg_query() expects exactly 2 parameters, 1 given"

The manual states "Note: Although connection can be omitted, it is not recommended, since it can be the cause of hard to find bugs in scripts." It looks like HHVM is more strict about expecting the connection parameter.

mbabker - comment - 20 Jul 2016

pg_query_params() is a cheap way for named parameters for PostgreSQL. IMO it's NOT preferential over pg_query(). In a system with proper prepared statements, pg_execute() is the way to go.

As for the HHVM errors, IMO the fact the PHP API has an optional parameter followed by a required parameter seems like a major API design failure (although fixing it would probably be more of an annoying B/C break than it's worth). It'd be correct to always pass the connection resource, regardless of whether it's optional or not.

brianteeman - close - 20 Jul 2016
photodude - comment - 20 Jul 2016

I'll deal with adding the connection for HHVM.

I'll close this with the expectation of your fix in the framework.

photodude - change - 20 Jul 2016
Status: New -> Closed
Closed_Date: 0000-00-00 00:00:00 -> 2016-07-20 23:21:43
Closed_By: photodude
photodude - close - 20 Jul 2016
brianteeman - change - 21 Jul 2016
Labels Added: ?
pstef - comment - 3 Aug 2016

https://www.postgresql.org/docs/current/static/libpq-exec.html

The primary advantage of PQexecParams [pg_query_params() in PHP] over PQexec [pg_query() in PHP] is that parameter values can be separated from the command string, thus avoiding the need for tedious and error-prone quoting and escaping.
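
The three call styles discussed in this thread, side by side, as an added example that is not part of the thread and not code from Joomla or the Framework: the same lookup via pg_query(), pg_query_params() and pg_prepare()/pg_execute(), always passing the connection explicitly. It assumes a reachable PostgreSQL server; the PG_DSN environment variable, the demo_users table and the statement name user_by_name are hypothetical.

```php
<?php
// Added illustration; PG_DSN, demo_users and user_by_name are hypothetical names.
// Assumes a reachable PostgreSQL server and the pgsql extension.
$conn = pg_connect(getenv('PG_DSN') ?: 'dbname=test');
if ($conn === false) {
    exit("connection failed\n");
}

// Temporary table with constructed sample rows; it disappears when the session ends.
pg_query($conn, 'CREATE TEMP TABLE demo_users (id serial PRIMARY KEY, name text NOT NULL)');
pg_query_params($conn, 'INSERT INTO demo_users (name) VALUES ($1), ($2)', ["O'Brien", 'Smith']);

$name = "O'Brien"; // constructed input containing a quote character

// 1. pg_query(): the value is part of the command string, so the caller must quote it.
//    Forgetting pg_escape_literal() here yields a syntax error or an injectable query.
$sql = 'SELECT id FROM demo_users WHERE name = ' . pg_escape_literal($conn, $name);
$viaQuery = pg_fetch_all(pg_query($conn, $sql));

// 2. pg_query_params(): the command carries a $1 placeholder and the value travels separately.
$viaParams = pg_fetch_all(
    pg_query_params($conn, 'SELECT id FROM demo_users WHERE name = $1', [$name])
);

// 3. pg_prepare() + pg_execute(): the statement is parsed once under a name;
//    each execution then sends only the parameter values.
if (pg_prepare($conn, 'user_by_name', 'SELECT id FROM demo_users WHERE name = $1') === false) {
    exit(pg_last_error($conn) . "\n");
}
foreach (["O'Brien", 'Smith', 'nobody'] as $candidate) {
    $rows = pg_fetch_all(pg_execute($conn, 'user_by_name', [$candidate])) ?: [];
    printf("%-8s => %d row(s)\n", $candidate, count($rows));
}

// Compare the rows returned by the escaped pg_query() call and the parameterized call.
var_dump($viaQuery === $viaParams);
pg_close($conn);
```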
