Quick question. I have checked the FAQ and the documentation. Why doesn't mediawiki use mysqli?
Why would it?
Hello Brion,
Well, as Sylvain said, there are a few reasons NOT to support mysqli. Like, for instance, the mysql package is installed by default and the mysqli package is currently not installed by default. I'll admit, right now that's a very good reason to refrain from making it the default method.
The first reason TO use mysqli that you might care about (which was told to me by someone on #MediaWiki) is that mysqli_stmt is much faster and much more secure than mysql_query (you don't need to escape the inputs to mysqli_stmt). The API is supposedly better, but they seem equally simple to me.
The only reason *I* would like to see mysqli supported (even if it was not the default method) would be so we could use mysqli_embedded. mysqli_embedded allows people to use MediaWiki in standalone applications much easier. In fact, it would allow people to use MediaWiki without significant change in a wikipedia-on-dvd type situation.
thanks for your time,
adrian
Adrian,
The first reason TO use mysqli that you might care about (which was told to me by someone on #MediaWiki) is that mysqli_stmt is much faster and much more secure than mysql_query (you don't need to escape the inputs to mysqli_stmt). The API is supposedly better, but they seem equally simple to me.
There are multiple issues with prepared statements. First of all, we do lots of query building anyway, where we may hit multiple different queries. We would still have to prepare multiple statements even for same tasks (counts of arguments are different, different nested options, yadda yadda). Usually if we can aggregate multiple similar queries into single one, we do.
You would not get too much efficiency if you would prepare same queries, therefore you would have to keep a cache of prepared statements.
Another important point to note is that for long running operations that issue multiple queries, you have to deallocate statements once you won't use it again, otherwise they will accumulate on server (and leak memory).
As for security, our query builder solves it all \o/.
The only reason *I* would like to see mysqli supported (even if it was not the default method) would be so we could use mysqli_embedded. mysqli_embedded allows people to use MediaWiki in standalone applications much easier. In fact, it would allow people to use MediaWiki without significant change in a wikipedia-on-dvd type situation.
It's trivial to extend MediaWiki if only thing you wish is DB API change. :)
Domas
mediawiki-l@lists.wikimedia.org