Differences

This shows you the differences between two versions of the page.

--- v5:database:mysql [2023/05/10 09:41] – [mysqli driver] mysqlnd required since 5.22 dregad
+++ v5:database:mysql [2024/04/30 13:07] (current) – Forcing emulated prepared statements dregad
@@ Line 60: / Line 60: @@
 * Enable ADOdb
 */
-$db = newAdoConnection('mysqli')
+$db = newAdoConnection('mysqli');
 /*
 * Set the SSL parameters
@@ Line 81: / Line 81: @@
 * Enable ADOdb
 */
-$db = newAdoConnection('mysqli')
+$db = newAdoConnection('mysqli');
 $database = 'employees';
@@ Line 94: / Line 94: @@
 */
 $db->connect($host, $user, $password, $database);
+</code>
+==== Forcing emulated prepared statements ====
+ADOdb 5.22 introduced support for "true" bound variables in prepared statements((using
+[[https://www.php.net/manual/en/mysqli-stmt.execute.php|mysqli_stmt_execute()]],
+see [[https://github.com/ADOdb/ADOdb/pull/655|issue #655]])).
+Before that, parameterized queries were emulated, which was a potential security risk.
+When using database engines pretending to be MySQL but not implementing prepared statements such as
+[[https://clickhouse.com/|ClickHouse]] and
+[[https://manticoresearch.com/|Manticore Search]],
+it is possible((starting with ADOdb 5.22.8)) to force usage of emulated queries (i.e. reverting to behavior of ADOdb 5.21 and older) by setting the ''doNotUseBoundVariables'' property.
+<code php>
+$db = newAdoConnection('mysqli');
+$db->doNotUseBoundVariables = true;
+$db->connect($host, $user, $password, $database);
+$db->execute($sql, $param);
 </code>
 {{tag>[MySQL windows unix supported tier1]}}
 {{htmlmetatags>metatag-keywords=(php, programming, database, mysql, percona, mariadb)}}