[TYPO3-dev] SQL parameter binding
dmitry.dulepov at gmail.com
Mon Jun 14 13:59:37 CEST 2010
Jigal van Hemert wrote:
> I'll try to do some tests with real life situations and PDO. I think it
> will work fine when it comes to speed.
If you want to do this task, you need to look wider. Here are some things
that you may want to consider alongside the performance:
- how would existing API change?
- would $TYPO3_DB->sql_query() still work? Would fullQuoteStr work?
- how many popular extensions would break because they use
MySQL-specific syntax (such as "WHERE 1")?
- how can extensions use concatenation of several queries with PDO?
- is it ok if PDO recordsets are not released?
This is just a couple of things that come to my mind. I do not know the answers
to these questions because I never used PDO directly. I think that using
PDO is a good idea in general because it offers a much better way than DBAL
does. But a lot of things must be considered *before* switching.
I did not want to participate in discussions like this but I could not
resist because it touches performance. A part of my business is performance
analysis and fixing for TYPO3 web sites. I often see how people write
queries in extensions. Using `'crdate>=' . time()` without an index on crdate
or 'LIKE `%content%`' when it is not really necessary. Even TYPO3 core does
this kind of non-cacheable query, thus making core much slower than it
could be. I spent lots of time trying to gain a bit more speed of TYPO3
core in the past and it is painful to realize that this can be zeroed.
Changing database backend must consider far more than just parameter binding.
I hope I explained my position well. I am NOT against PDO, I am for being
very careful with this change and doing all necessary work to prevent
problems or irritation of users. Prevention is easier than fixing.
TYPO3 expert / TYPO3 core&security teams member
Read more @ http://dmitry-dulepov.com/