I was reading about pg_query() and learned that it's preferred to use pg_query_params() since 7.4.
The pg_query() manual page and pg_query_params() manual page list more reasons why pg_query_params() is preferred.
I don't know much about the technical details here, or what would be needed for implementation. This is just something that I came across while reading about the pg_query() function.
Category: ⇒ Postgresql
I agree a prepared statement is much better.
Doing a quick search in the CMS code it looks like there are 2 uses of pg_query() in joomla-cms/libraries/joomla/database/driver/postgresql.php
Do you think these could be converted to pg_query_params()?
Additionally, HHVM throws a notice on these: "pg_query() expects exactly 2 parameters, 1 given".
The manual states "Note: Although connection can be omitted, it is not recommended, since it can be the cause of hard to find bugs in scripts." It looks like HHVM is more strict about expecting the connection parameter.
pg_query_params() is a cheap way for named parameters for PostgreSQL. IMO it's NOT preferential over pg_query(). In a system with proper prepared statements, pg_execute() is the way to go.
As for the HHVM errors, IMO the fact the PHP API has an optional parameter followed by a required parameter seems like a major API design failure (although fixing it would probably be more of an annoying B/C break than it's worth). It'd be correct to always pass the connection resource, regardless of whether it's optional or not.
I'll deal with adding the connection for HHVM.
I'll close this with the expectation of your fix in the framework.
Status: New ⇒ Closed
Closed_Date: 0000-00-00 00:00:00 ⇒ 2016-07-20 23:21:43
Closed_By: ⇒ photodude
Labels: Added: ?
https://www.postgresql.org/docs/current/static/libpq-exec.html
The primary advantage of PQexecParams [pg_query_params() in PHP] over PQexec [pg_query() in PHP] is that parameter values can be separated from the command string, thus avoiding the need for tedious and error-prone quoting and escaping.
You actually want prepared statement support, which neither of those functions supports. joomla-framework/database#39 is me trying to do that on the Framework code.
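The three approaches discussed in this thread side by side, as an added example that is not Joomla or framework code: pg_query() with hand-escaped interpolation, pg_query_params() with separated parameter values, and a real server-side prepared statement via pg_prepare()/pg_execute(). Every call passes the connection explicitly, as the HHVM notice above requires; the connection string, `users` table and column names are assumptions for illustration.

```php
<?php
// Assumed connection details for this example only.
$db = pg_connect('host=localhost dbname=app user=app password=secret');
if ($db === false) {
    die("connection failed\n");
}

// Untrusted input; the single quote is what breaks naive string building.
$alias = "o'brien";

// 1. pg_query(): the value becomes part of the SQL text, so it must be
//    quoted and escaped by hand. Dropping pg_escape_literal() here turns
//    the quote above into a SQL injection. (Library code forgot this.)
$sql = 'SELECT id, username FROM users WHERE username = '
     . pg_escape_literal($db, $alias);
$res = pg_query($db, $sql);

// 2. pg_query_params(): values are sent separately from the command string
//    and bound to $1, $2, ... placeholders; no quoting is needed or possible.
//    Each call still sends the full query text for parsing and planning.
$res = pg_query_params(
    $db,
    'SELECT id, username FROM users WHERE username = $1',
    [$alias]
);

// 3. pg_prepare() + pg_execute(): a server-side prepared statement. The
//    server parses and plans "find_user" once per connection; pg_execute()
//    then only ships the bound values for every subsequent call.
$ok = pg_prepare($db, 'find_user',
    'SELECT id, username FROM users WHERE username = $1');
if ($ok === false) {
    die('prepare failed: ' . pg_last_error($db) . "\n");
}
foreach (['alice', $alias] as $name) {
    $res = pg_execute($db, 'find_user', [$name]);
    if ($res === false) {
        die('execute failed: ' . pg_last_error($db) . "\n");
    }
    while ($row = pg_fetch_assoc($res)) {
        printf("%s => %s\n", $row['id'], $row['username']);
    }
}
pg_close($db);
```

Running this against a database where a user named o'brien exists returns that row from all three variants; only the first variant would misbehave if the escaping call were omitted.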