[Mediawiki-l] mysqli

Domas Mituzas midom.lists at gmail.com
Fri Mar 24 11:45:23 UTC 2006


> The first reason TO use mysqli that you might care about (which was  
> told
> to me by someone on #MediaWiki) is that mysqli_stmt is much faster and
> much more secure than mysql_query (you don't need to escape the inputs
> to mysqli_stmt).  The API is supposedly better, but they seem equally
> simple to me.

There are multiple issues with prepared statements.
First of all, we do lots of query building anyway, where we may hit  
multiple different queries.
We would still have to prepare multiple statements even for same  
tasks (counts of arguments are different, different nested options,  
yadda yadda).
Usually if we can aggregate multiple similar queries into single one,  
we do.

You would not get too much efficiency if you would prepare same  
queries, therefore you would have to keep a cache of prepared  

Another important point to note is that for long running operations  
that issue multiple queries, you have to deallocate statements once  
you won't use it again, otherwise they will accumulate on server (and  
leak memory).

As for security, our query builder solves it all \o/.

> The only reason *I* would like to see mysqli supported (even if it was
> not the default method) would be so we could use mysqli_embedded.
> mysqli_embedded allows people to use MediaWiki in standalone
> applications much easier.  In fact, it would allow people to use
> MediaWiki without significant change in a wikipedia-on-dvd type
> situation.

It's trivial to extend MediaWiki if only thing you wish is DB API  
change. :)


More information about the MediaWiki-l mailing list