Added as a feature request also: https://bugs.php.net/bug.php?id=68424
I'm a little unclear about the preferred workflow for using pull requests vs. bugs.php.net - it seems liek most everything released ends up referring to an issue on bugs.php.net? -Peter On Thu, Nov 13, 2014 at 8:21 PM, Peter Wolanin <peter.wola...@acquia.com> wrote: > I've added a pull request here with a proposal to add the attribute at > connection time: https://github.com/php/php-src/pull/896 > > I think given PHP users the option to do this is really critical for > securing against SQL injection, and giving more consistent behavior between > native and emulated prepares. > > From my reading of the mysql API, enabling multi-query implicitly enables > multi results, but it's also possible to enable multi results separately, > and I've left it as is, explicitly enabled, in the patch. > > Do you have an example of a stored procedure to test? > > Thanks, > > Peter > > On Mon, Nov 10, 2014 at 12:02 PM, Johannes Schlüter < > johan...@schlueters.de> wrote: > >> On Thu, 2014-11-06 at 19:52 -0500, Peter Wolanin wrote: >> > Suggested solution: add a PDO attribute that could be set on a >> > connection or a driver option for PDO::prepare to enforce the limit of >> > a single query being prepared or run. >> >> The issue is that disabling multi-query implicitly also disables support >> for stored procedures as the same flag configures handling of operations >> with multiple result sets. So this probably needs more thoughts >> especially in order to get "similar" behavior with different >> databases ... can you add a feature request in the bug tracker for this? >> >> johannes >> >> >> > > > -- > Peter M. Wolanin, Ph.D. : Momentum Specialist, Acquia. Inc. > peter.wola...@acquia.com : 781-313-8322 > -- Peter M. Wolanin, Ph.D. : Momentum Specialist, Acquia. Inc. peter.wola...@acquia.com : 781-313-8322
