DanTMan wrote:
`table` is already handled before the test for tablename stuff. We're just trying to see if anything that is part of a SQL query shows up inside. So completeness isn't what's being tested. You noted the use of () next to ON, rather than just whitespace. Any similar types of characters? If not, all that would be needed is to add in () and it should be fine: "/(^|\s|\))(JOIN|ON|AS)(\(|\s|$)/i" Technically... = should never really show up outside either... Or maybe we're overcomplicating this...
Yeah, maybe we are. In an ideal world, we'd have wrapper functions for JOINs and other stuff too, so we don't *need* to pass SQL to Database::select().
BTW, Simetrical, I just documented ApiQueryBase, so if you still wanna know how the API builds its queries, look at [1] tomorrow.
Roan Kattouw (Catrope)