On Oct 7, 2013 11:55 AM, "Jeroen De Dauw" jeroendedauw@gmail.com wrote:
Hey,
When constructing an SQL string, how should the following things be escaped, if at all?
- Field names
- Index names
It looks like when doing a select using the Database MW thing, the field names provided do not get escaped at all.
Using DatabaseBase::addIdentifierQuotes. I believe DatabasrBase::makeList does this automatically in some cases.