简介
The mysqlnd user handler plugin (mysqlnd_uh)
allows users to set hooks for most internal calls of the
MySQL native driver for PHP
(mysqli,
mysql,
PDO_MYSQL) are compiled to
use mysqlnd this can be used for:Monitoring
Queries executed by any of the PHP MySQL extensions
Prepared statements executing by any of the PHP MySQL extensions
Auditing
Detection of database usage
SQL injection protection using black and white lists
Assorted
Load Balancing connections
The MySQL native driver for PHP (mysqlnd)
features an internal plugin C API. C plugins, such as the mysqlnd
user handler plugin, can extend the functionality of
mysqlnd. PECL/mysqlnd_uh
makes parts of the internal plugin C API available to the
PHP user for plugin development with PHP.
Note:
Status
The mysqlnd user handler plugin is in alpha status.
Take appropriate care before using it in production environments.
Security considerations
PECL/mysqlnd_uh gives users access to MySQL user names, MySQL password
used by any of the PHP MySQL extensions to connect to MySQL.
It allows monitoring of all queries and prepared statements exposing
the statement string to the user. Therefore, the extension should be
installed with care. The PHP_INI_SYSTEM configuration setting
Code obfuscators and similar technologies are not suitable to prevent
monitoring of mysqlnd library activities if PECL/mysqlnd_uh is made
available and the user can install a proxy, for example,
using auto_prepend_file.
Documentation note
Many of the mysqlnd_uh functions are briefly described because
the mysqli extension is
a thin abstraction layer on top of the MySQL C API that
the mysqlnd library provides. Therefore,
the corresponding mysqli documentation
(along with the MySQL reference manual) can be consulted
to receive more information about a particular function.
On the name
The shortcut mysqlnd_uh stands for
mysqlnd user handler, and has been the name
since early development.