On Mon, Oct 7, 2013 at 12:05 PM, Chris Steipp csteipp@wikimedia.org wrote:
If you are writing an enhancement to this, you should wrap them in ` and escape ` characters in the name. DatabaseBase::addIdentifierQuotes wraps, but doesn't escape.
Backquotes are a MySQLism. The SQL standard uses double-quotes, which MySQL uses for strings along with single-quotes (unless you put ANSI_QUOTES in sql_mode).
It looks like DatabaseBase::addIdentifierQuotes actually does escape, although whether its escaping is sufficient I don't know. It changes 'foo " bar' into '"foo "" bar"'.
DatabaseMysqlBase::addIdentifierQuotes, on the other hand, doesn't escape correctly; it uses the same function for quoting strings and identifiers, despite the different quote marks. So it will change 'foo " bar' into '`foo " bar`', but 'foo ` bar' comes out wrong as '`foo ` bar`'.