On Sat, 2017-11-04 at 08:28 +0100, Matteo Beccati wrote:
> Hi,
>
> On 03/11/2017 21:25, Scott Arciszewski wrote:
> >
> > MySQL calls it an X Protocol, apparently.
> >
> > https://dev.mysql.com/doc/internals/en/x-protocol-use-cases-use-cases.html#x-protocol-use-cases-prepared-statements-with-
On 4 November 2017 16:24:58 GMT+00:00, Stephen Reay wrote:
>So while most apps don't need to reuse the prepared statement they
>benefit from the more bulletproof parameterization, IMO.
I think a lot of unnecessary confusion comes about because people say "prepared
statements" when it would be c
> On 4 Nov 2017, at 14:28, Matteo Beccati wrote:
>
> Hi,
>
>> On 03/11/2017 21:25, Scott Arciszewski wrote:
>> MySQL calls it an X Protocol, apparently.
>>
>> https://dev.mysql.com/doc/internals/en/x-protocol-use-cases-use-cases.html#x-protocol-use-cases-prepared-statements-with-single-round-
Hi,
On 03/11/2017 21:25, Scott Arciszewski wrote:
> MySQL calls it an X Protocol, apparently.
>
> https://dev.mysql.com/doc/internals/en/x-protocol-use-cases-use-cases.html#x-protocol-use-cases-prepared-statements-with-single-round-trip
OK, which is something that neither libmysqlclient nor mys
On Fri, Nov 3, 2017 at 3:49 PM, Matteo Beccati wrote:
> Hi Scott,
>
> On 03/11/2017 16:33, Scott Arciszewski wrote:
> > 1. Which DB drivers (and which versions) support 1RT prepared statements in
> > addition to 2RT prepared statements?
> > 2. Is there a better name for this usage than safeQuer
Hi Scott,
On 03/11/2017 16:33, Scott Arciszewski wrote:
> 1. Which DB drivers (and which versions) support 1RT prepared statements in
> addition to 2RT prepared statements?
> 2. Is there a better name for this usage than safeQuery()?
>
> If this turns out to be a good idea, I'll write up an RFC t
This came up in a discussion on Reddit:
https://www.reddit.com/r/PHP/comments/79xgcg/disclosure_wordpress_wpdb_sql_injection_technical/dp7wln0/?context=5
For database drivers that support sending the query and parameters in the
same TCP packet (n.b. not in the same query string, though, or we los