* Makes an encoded list of strings from an array
* $mode:
* LIST_COMMA - comma separated, no field names
- * LIST_ANDLIST_AND - ANDed WHERE clause (without the WHERE)
+ * LIST_AND - ANDed WHERE clause (without the WHERE)
* LIST_OR - ORed WHERE clause (without the WHERE)
* LIST_SET - comma separated with field names, like a SET clause
* LIST_NAMES - comma separated field names
}
}
+ /**
+ * Quotes a string using `backticks` for things like database, table, and field
+ * names, other databases which use something other than backticks can replace
+ * this with something else
+ */
+ public function addIdentifierQuotes( $s ) {
+ return "`" . $this->strencode( $s ) . "`";
+ }
+
+ /**
+ * Backwards compatibility, identifier quoting originated in DatabasePostgres
+ * which used quote_ident which does not follow our naming conventions
+ * was renamed to addIdentifierQuotes.
+ * @deprecated use addIdentifierQuotes
+ */
+ function quote_ident( $s ) {
+ wfDeprecated( __METHOD__ );
+ return $this->addIdentifierQuotes( $s );
+ }
+
/**
* Escape string for safe LIKE usage.
* WARNING: you should almost never use this function directly,
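Review bot: addIdentifierQuotes() wraps `$this->strencode( $s )` in backticks, but a string-literal escaper does not normally touch a backtick, so a name containing one would close the quoted identifier early and the rest would be parsed as SQL. The body of strencode() is not in this hunk, so this is inferred from its use for quoted text elsewhere on the page. For backtick-quoted identifiers the delimiter itself has to be doubled, for example ``return '`' . str_replace( '`', '``', $s ) . '`';``. As a smaller style point, quote_ident() is declared without a visibility keyword while the method above it uses `public`.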
return true;
}
+ /**
+ * Database independent variable replacement, replaces a set of named variables
+ * in a sql statement with the contents of their global variables.
+ * Supports '{$var}' `{$var}` and / *$var* / (without the spaces) style variables
+ *
+ * '{$var}' should be used for text and is passed through the database's addQuotes method
+ * `{$var}` should be used for identifiers (eg: table and database names), it is passed through
+ * the database's addIdentifierQuotes method which can be overridden if the database
+ * uses something other than backticks.
+ * / *$var* / is just encoded, besides traditional dbprefix and tableoptions it's use should be avoided
+ *
+ * @param $ins String: SQL statement to replace variables in
+ * @param $varnames Array: Array of global variable names to replace
+ * @return String The new SQL statement with variables replaced
+ */
+ protected function replaceGlobalVars( $ins, $varnames ) {
+ foreach ( $varnames as $var ) {
+ if ( isset( $GLOBALS[$var] ) ) {
+ $ins = str_replace( '\'{$' . $var . '}\'', $this->addQuotes( $GLOBALS[$var] ), $ins ); // replace '{$var}'
+ $ins = str_replace( '`{$' . $var . '}`', $this->addIdentifierQuotes( $GLOBALS[$var] ), $ins ); // replace `{$var}`
+ $ins = str_replace( '/*$' . $var . '*/', $this->strencode( $GLOBALS[$var] ) , $ins ); // replace /*$var*/
+ }
+ }
+ return $ins;
+ }
+
/**
* Replace variables in sourced SQL
*/
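Review bot: The `/*$var*/` branch of replaceGlobalVars() inserts `$this->strencode( $GLOBALS[$var] )` outside any quotes, where string escaping does not constrain the value, so for every name in `$varnames` the global's content becomes raw SQL text wherever a script uses that form. The docblock says this form is meant only for the prefix and table options, and the code could enforce that by guarding the third replacement with `if ( in_array( $var, array( 'wgDBprefix', 'wgDBTableOptions' ), true ) )`. Separately, the loop removed from the caller replaced a bare `{$var}`, while the new code only matches it inside quotes or backticks. Any SQL file still using the bare form would keep the literal placeholder, so it is worth confirming none remain. The docblock could also state that values come from site configuration and are not validated here.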
'wgDBadminuser', 'wgDBadminpassword', 'wgDBTableOptions',
);
- // Ordinary variables
- foreach ( $varnames as $var ) {
- if ( isset( $GLOBALS[$var] ) ) {
- $val = $this->addQuotes( $GLOBALS[$var] ); // FIXME: safety check?
- $ins = str_replace( '{$' . $var . '}', $val, $ins );
- $ins = str_replace( '/*$' . $var . '*/`', '`' . $val, $ins );
- $ins = str_replace( '/*$' . $var . '*/', $val, $ins );
- }
- }
+ $ins = $this->replaceGlobalVars( $ins, $varnames );
// Table prefixes
$ins = preg_replace_callback( '!/\*(?:\$wgDBprefix|_)\*/([a-zA-Z_0-9]*)!',