On 11 February 2015 at 06:59, Paul Dragoonis <dragoo...@gmail.com> wrote: > On Mon, Feb 9, 2015 at 10:29 PM, Anatol Belski <anatol....@belski.net> > wrote: >> ext/mssql 17:13 > > Did you accidentally miss out mssql? it resultes in significant resistance > to leave core, such as mcrypt and ignoring mathematical numbers, from a > practical basis I'd like to see mssql kept in core. Who's with me ?
Since it's apparently my week for this, I'll provide the case for the defence (or why I voted for removal, anyway): - The API is awful in the exact same ways the ext/mysql API was awful — it makes it far harder to write secure code than it should be. - Actually, it's worse than that, because there's no charset-aware escaping function at all: the only option is addslashes(), which has interesting security implications if you're using certain charsets. - It's buggy. Some of the bugs are due to the underlying library (which is mostly dead); some are in our code, but there are some fundamental issues — basic data types (nvarchar(128), for example) aren't supported, field names are truncated, stored procedure calls are problematic, and probably many more things that I've forgotten. - The bugs probably aren't going to be fixed. ext/mssql averages about one to two non-whitespace, non-copyright-year-increment commits a year. A cursory look at the bug tracker (or my ##php logs) will tell you that it's not because it's stable and free of bugs. - There are multiple better options: using ODBC is almost always more stable, and while PDO_dblib has some of the same problems due to FreeTDS, at least you're using PDO's better (by which I mostly mean harder to misuse) API. In my mind, this is analogous to removing ext/mysql: it's the right thing to do for our users because it promotes better practices and gets rid of an extension that has even more technical issues than that one did. Finally, Anatol's tally was wrong for this one: it was 17:3 for removal. That's a pretty strong indicator by itself. Adam -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
