Shouldn't pdo sqlite use the PDO prepare statement functionality?

cosmocode / sqlite

DokuWiki helper plugin to make SQLite access easier for other plugins

https://www.dokuwiki.org/plugin:sqlite

19 stars 9 forks source link

Shouldn't pdo sqlite use the PDO prepare statement functionality? #59

Closed micgro42 closed 1 year ago

micgro42 commented 5 years ago

Currently, the sqlite plugin implements its own parameter escaping and injecting in helper_plugin_sqlite_adapter::prepareSql and this is also used in the PDO adapter.

However, PDO supports its own prepare, bindValue and execute methods to provide that functionality. Shouldn't we use that directly, if available?

splitbrain commented 5 years ago

I believe this is a left over from the times of using sqlite(2). I wonder if it would be time to drop sqlite support entirely and use pdo_sqlite exclusively. However that's probably more than this issue is asking for. So if you can provide a PR for using the PDO methods, I'm happy to merge it.

splitbrain commented 1 year ago

will be fixed by #73