[RFC] Remove Doctrine ORM QueryGenerator #276
Description
I have a major BC breaking proposal, concerning the Doctrine ORM QueryGenerator.
In short, it will be replaced with a mapping translator for Doctrine DBAL to produce a list of ID's to use for DQL (Similar to the Elastic Search API-Platform handler).
The Doctrine ORM QueryGenerator should not be used anymore:
-
To much performance impact,
DQL -> SQLtransforming is slow and performed for
every request! We can't cache this as the query is not predictable.And due to how ORM works the complete object graph is loaded-in when JOINS
are used, regardless if the related entities are part ofSELECT. -
Security, Doctrine ORM itself doesn't provide escaping for embedded-values;
The current solution is a "hack", and personally I am not comfortable about this.
Instead the Doctrine ORM extension will be replaced with a mapping translator
and an IDs-only QueryGenerator, to translate an ORM entity mapping configuration
to a DBAL mapping configuration.
Then the QueryGenerator will run the query, producing only a list of IDs for fetching
the root entity records by ID. The ID list can be safely passed to DQL using a parameter,
the DQL to SQL translation can now cached, the values are properly escaped,
and only the root entity is loaded when JOINS were used for searching.
SELECT DISTINCT u.id FROM users u LEFT JOIN user_roles r ON u WITH(r.user = r.id) WHERE (...) produces a list of IDs for User entity.
The IDs list gets used for:
SELECT u FROM App\Entity\User u WHERE u.id IN(:ids).
Additionally (not part of this implementation) the ID list can be cached
in the session to speed-up additional requests.
Please vote with a 👍 / 👎 and motivate your negative vote on this proposal. To be clear, you can still search with Doctrine ORM, only the way how the entities are selected changes.