[wp-trac] [WordPress Trac] #42352: Support use of native MySQLi prepared queries

WordPress Trac noreply at wordpress.org
Fri Oct 27 09:36:55 UTC 2017 

#42352: Support use of native MySQLi prepared queries
-------------------------+------------------------------
 Reporter:  dd32         |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Database     |     Version:
 Severity:  normal       |  Resolution:
 Keywords:  early        |     Focuses:
-------------------------+------------------------------

Comment (by dd32):

 [attachment:42352.3.diff] builds upon [attachment:42352.2.diff] and fixes
 bugs and adds support for things it probably shouldn't.

 Notable:
  - When returning multiple rows, it now returns multiple rows rather than
 multiple copies of the final row (it wasn't dereferencing the values, only
 the holding array)
  - When returning rows, return objects instead of arrays
  - Switches the `insert|replace|update|delete()` helpers over to the new
 prepares. May break if anyone is passing something other than `%s, %d, or
 %f` as the `$format` placeholder which is technically possible, but
 shouldn't be done.
  - Adds prepared statement fallback for MySQL through the usage of
 `$wpdb->prepare()` while only supporting `?` placeholders. It works, and
 is ultimately more restrictive than `$wpdb->prepare()` which is probably a
 good thing.

 A bunch of unit tests are breaking, because it changes the way queries are
 constructed (ie. the `$wpdb->update()` tests expect the values to be in
 `$wpdb->last_query` but they're not). Documentation needs fixing, tests
 need writing, variables need renaming, code needs cleaning, PHP 5.2 compat
 needs to happen (a single anonymous callback).

 All in all, I'm fairly confident that adding support for native prepares
 and encouraging their usage (even if only for the more relatable syntax)
 is within our reach, despite still supporting PHP 5.2 & PHP without
 MySQLi.
 Coming into this experiment I expected that we'd have to drop PHP
 5.2/MySQL support, I'm happy to have been proved wrong.
 If we drop our entirely-cautious `MySQLi for PHP 5.5+ only, MySQL for PHP
 5.2~5.4` checks and use MySQLi when available we'd probably be able to get
 native prepares to be available for ~90% of sites rather than the above
 70-80% too.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/42352#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list