First of all, this discussion bears no relevance to the 4.3.3 release, as sqlite is NOT part of this release.

Secondly, this is just plain silly. PHP is not and is not responsible for validating input. If the user chooses not to and consequently leaves their scripts vulnerable to SQL injection, it is their fault and their fault alone. Ability to chain queries is an extremely useful feature that most database systems support (even MySQL as of version 4.0). To cripple or disable such functionality would be absolute idiocy, not to mention break backwards compatibility to older versions where this was possible. Adding more run-time directives (as suggested by Hartmut Holzgraefe) is a bad idea, as it makes writing portable code extremely difficult, as each system may have a drastically different behavior due to an ini option.

Ilia