[Wikitech-l] Escaping for field and index names

2013-10-07 Thread Jeroen De Dauw
Hey, When constructing an SQL string, how should the following things be escaped, if at all? * Field names * Index names It looks like when doing a select using the Database MW thing, the field names provided do not get escaped at all. Cheers -- Jeroen De Dauw http://www.bn2vs.com Don't

Re: [Wikitech-l] Escaping for field and index names

2013-10-07 Thread Tyler Romeo
On Oct 7, 2013 11:55 AM, Jeroen De Dauw jeroended...@gmail.com wrote: Hey, When constructing an SQL string, how should the following things be escaped, if at all? * Field names * Index names It looks like when doing a select using the Database MW thing, the field names provided do not

Re: [Wikitech-l] Escaping for field and index names

2013-10-07 Thread Chris Steipp
On Mon, Oct 7, 2013 at 8:54 AM, Jeroen De Dauw jeroended...@gmail.com wrote: Hey, When constructing an SQL string, how should the following things be escaped, if at all? * Field names * Index names It looks like when doing a select using the Database MW thing, the field names provided do

Re: [Wikitech-l] Escaping for field and index names

2013-10-07 Thread Brad Jorsch (Anomie)
On Mon, Oct 7, 2013 at 12:05 PM, Chris Steipp cste...@wikimedia.org wrote: If you are writing an enhancement to this, you should wrap them in ` and escape ` characters in the name. DatabaseBase::addIdentifierQuotes wraps, but doesn't escape. Backquotes are a MySQLism. The SQL standard uses

Re: [Wikitech-l] Escaping for field and index names

2013-10-07 Thread Tyler Romeo
On Mon, Oct 7, 2013 at 12:31 PM, Brad Jorsch (Anomie) bjor...@wikimedia.org wrote: DatabaseMysqlBase::addIdentifierQuotes, on the other hand, doesn't escape correctly; it uses the same function for quoting strings and identifiers, despite the different quote marks. So it will change 'foo
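
The identifier quoting discussed in this thread, as an added example that is not part of any message above and is not MediaWiki code: it compares wrap-and-escape quoting (MySQL backticks, SQL-standard double quotes) with wrapping alone and with reusing a string-literal escaper. All function names are hypothetical, addslashes() is only a stand-in for a string escaper, and the sample names are constructed.

```php
<?php
// Added illustration; all function names here are hypothetical, not MediaWiki's.

function checkIdentifier(string $name): void {
    // An empty name or one containing NUL cannot be a valid identifier.
    if ($name === '' || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('invalid identifier');
    }
}

// MySQL style: wrap in backticks and double any embedded backtick.
function quoteIdentifierMysql(string $name): string {
    checkIdentifier($name);
    return '`' . str_replace('`', '``', $name) . '`';
}

// SQL-standard style: wrap in double quotes and double any embedded double quote.
function quoteIdentifierStandard(string $name): string {
    checkIdentifier($name);
    return '"' . str_replace('"', '""', $name) . '"';
}

// Wrap without escaping: an embedded backtick ends the identifier early.
function wrapOnly(string $name): string {
    return '`' . $name . '`';
}

// Stand-in for reusing a string-literal escaper on identifiers: addslashes()
// handles ', ", \ and NUL but leaves the backtick delimiter untouched.
function wrapWithStringEscaper(string $name): string {
    return '`' . addslashes($name) . '`';
}

// True when every backtick inside the wrapping pair is doubled, i.e. the
// quoted text is one MySQL identifier and nothing else.
function isSingleMysqlIdentifier(string $quoted): bool {
    return preg_match('/^`(?:[^`]|``)+`$/', $quoted) === 1;
}

// Constructed sample names: plain, with a backtick, with quote characters.
$samples = ['page_title', 'odd`name', "it's \"quoted\""];
foreach ($samples as $name) {
    foreach (['quoteIdentifierMysql', 'wrapOnly', 'wrapWithStringEscaper'] as $fn) {
        $out = $fn($name);
        printf("%-22s %-18s => %-24s %s\n", $fn, $name, $out,
            isSingleMysqlIdentifier($out) ? 'ok' : 'BROKEN');
    }
    echo 'standard: ', quoteIdentifierStandard($name), "\n";
}
```

In the output, "ok" only means the result parses as a single backtick-quoted identifier; the string escaper still alters names that contain quote characters by inserting backslashes.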