midom.lists at gmail.com
Fri Mar 24 11:45:23 UTC 2006
> The first reason TO use mysqli that you might care about (which was
> to me by someone on #MediaWiki) is that mysqli_stmt is much faster and
> much more secure than mysql_query (you don't need to escape the inputs
> to mysqli_stmt). The API is supposedly better, but they seem equally
> simple to me.
There are multiple issues with prepared statements.
First of all, we do lots of query building anyway, where we may hit
multiple different queries.
We would still have to prepare multiple statements even for same
tasks (counts of arguments are different, different nested options,
Usually if we can aggregate multiple similar queries into single one,
You would not get too much efficiency if you would prepare same
queries, therefore you would have to keep a cache of prepared
Another important point to note is that for long running operations
that issue multiple queries, you have to deallocate statements once
you won't use it again, otherwise they will accumulate on server (and
As for security, our query builder solves it all \o/.
> The only reason *I* would like to see mysqli supported (even if it was
> not the default method) would be so we could use mysqli_embedded.
> mysqli_embedded allows people to use MediaWiki in standalone
> applications much easier. In fact, it would allow people to use
> MediaWiki without significant change in a wikipedia-on-dvd type
It's trivial to extend MediaWiki if only thing you wish is DB API
More information about the MediaWiki-l