On Oct 7, 2013 11:55 AM, "Jeroen De Dauw" <jeroended...@gmail.com> wrote: > > Hey, > > When constructing an SQL string, how should the following things be > escaped, if at all? > > * Field names > * Index names > > It looks like when doing a select using the Database MW thing, the field > names provided do not get escaped at all.
Using DatabaseBase::addIdentifierQuotes. I believe DatabasrBase::makeList does this automatically in some cases. _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l