>>> > On Mon, Nov 10, 2014 at 12:02 PM, Johannes Schlüter <
>>> > johan...@schlueters.de> wrote:
>>> >
>>> >> On Thu, 2014-11-06 at 19:52 -0500, Peter Wolanin wrote:
>>> >> > Suggested solution: add a PDO attribute that c
om the bugtracker), so that we each NEWS entry can link
> to a bug#.
>
> On Fri, Nov 14, 2014 at 4:04 PM, Peter Wolanin
> wrote:
>
>> Added as a feature request also: https://bugs.php.net/bug.php?id=68424
>>
>> I'm a little unclear about the preferred workflow for
21 PM, Peter Wolanin
wrote:
> I've added a pull request here with a proposal to add the attribute at
> connection time: https://github.com/php/php-src/pull/896
>
> I think given PHP users the option to do this is really critical for
> securing against SQL injection, and giving
er
On Mon, Nov 10, 2014 at 12:02 PM, Johannes Schlüter
wrote:
> On Thu, 2014-11-06 at 19:52 -0500, Peter Wolanin wrote:
> > Suggested solution: add a PDO attribute that could be set on a
> > connection or a driver option for PDO::prepare to enforce the limit of
> > a sing
this situation probably affects many web applications using PDO,
I'd like to see if a new PDO attribute could be added which would e.g.
cause the driver to throw an exception if multiple statements were
sent at once. Ideally, this could be backported to current releases.
-Peter Wolanin
--
