}
}
+ /**
+ * Quotes a string using `backticks` for things like database, table, and field
+ * names, other databases which use something other than backticks can replace
+ * this with something else
+ */
+ function quote_ident( $s ) {
+ return "`" . $this->strencode( $s ) . "`";
+ }
+
/**
* Escape string for safe LIKE usage.
* WARNING: you should almost never use this function directly,
return true;
}
+ /**
+ * Database independent variable replacement, replaces a set of named variables
+ * in a sql statement with the contents of their global variables.
+ * Supports '{$var}' `{$var}` and / *$var* / (without the spaces) style variables
+ *
+ * '{$var}' should be used for text and is passed through the database's addQuotes method
+ * `{$var}` should be used for identifiers (eg: table and database names), it is passed through
+ * the database's quote_ident method which can be overridden if the database
+ * uses something other than backticks.
+ * / *$var* / is just encoded, besides traditional dbprefix and tableoptions it's use should be avoided
+ *
+ * @param $ins String: SQL statement to replace variables in
+ * @param $varnames Array: Array of global variable names to replace
+ * @return String The new SQL statement with variables replaced
+ */
+ protected function replaceGlobalVars( $ins, $varnames ) {
+ foreach ( $varnames as $var ) {
+ if ( isset( $GLOBALS[$var] ) ) {
+ $ins = str_replace( '\'{$' . $var . '}\'', $this->addQuotes( $GLOBALS[$var] ), $ins ); // replace '{$var}'
+ $ins = str_replace( '`{$' . $var . '}`', $this->quote_ident( $GLOBALS[$var] ), $ins ); // replace `{$var}`
+ $ins = str_replace( '/*$' . $var . '*/', $this->strencode( $GLOBALS[$var] ) , $ins ); // replace /*$var*/
+ }
+ }
+ return $ins;
+ }
+
/**
* Replace variables in sourced SQL
*/
'wgDBadminuser', 'wgDBadminpassword', 'wgDBTableOptions',
);
- // Ordinary variables
- foreach ( $varnames as $var ) {
- if ( isset( $GLOBALS[$var] ) ) {
- $val = $this->addQuotes( $GLOBALS[$var] ); // FIXME: safety check?
- $ins = str_replace( '{$' . $var . '}', $val, $ins );
- $ins = str_replace( '/*$' . $var . '*/`', '`' . $val, $ins );
- $ins = str_replace( '/*$' . $var . '*/', $val, $ins );
- }
- }
+ $ins = $this->replaceGlobalVars( $ins, $varnames );
// Table prefixes
$ins = preg_replace_callback( '!/\*(?:\$wgDBprefix|_)\*/([a-zA-Z_0-9]*)!',
}
function quote_ident( $s ) {
- return $s;
+ return '"' . str_replace( '"', '""', $s ) . '"';
}
function selectRow( $table, $vars, $conds, $fname = 'DatabaseOracle::selectRow', $options = array(), $join_conds = array() ) {
$varnames[] = '_OracleTempTS';
}
- // Ordinary variables
- foreach ( $varnames as $var ) {
- if ( isset( $GLOBALS[$var] ) ) {
- $val = $this->addQuotes( $GLOBALS[$var] ); // FIXME: safety check?
- $ins = str_replace( '{$' . $var . '}', $val, $ins );
- $ins = str_replace( '/*$' . $var . '*/`', '`' . $val, $ins );
- $ins = str_replace( '/*$' . $var . '*/', $val, $ins );
- }
- }
+ $ins = $this->replaceGlobalVars( $ins, $varnames );
return parent::replaceVars( $ins );
}
* Return the next in a sequence, save the value for retrieval via insertId()
*/
function nextSequenceValue( $seqName ) {
- $safeseq = preg_replace( "/'/", "''", $seqName );
+ $safeseq = str_replace( "'", "''", $seqName );
$res = $this->query( "SELECT nextval('$safeseq')" );
$row = $this->fetchRow( $res );
$this->mInsertId = $row[0];
* Return the current value of a sequence. Assumes it has been nextval'ed in this session.
*/
function currentSequenceValue( $seqName ) {
- $safeseq = preg_replace( "/'/", "''", $seqName );
+ $safeseq = str_replace( "'", "''", $seqName );
$res = $this->query( "SELECT currval('$safeseq')" );
$row = $this->fetchRow( $res );
$currval = $row[0];
* Query whether a given schema exists. Returns the name of the owner
*/
function schemaExists( $schema ) {
- $eschema = preg_replace( "/'/", "''", $schema );
+ $eschema = str_replace( "'", "''", $schema );
$SQL = "SELECT rolname FROM pg_catalog.pg_namespace n, pg_catalog.pg_roles r "
."WHERE n.nspowner=r.oid AND n.nspname = '$eschema'";
$res = $this->query( $SQL );
}
function quote_ident( $s ) {
- return '"' . preg_replace( '/"/', '""', $s ) . '"';
+ return '"' . str_replace( '"', '""', $s ) . '"';
}
/**
}
function quote_ident( $s ) {
- return $s;
+ return '"' . str_replace( '"', '""', $s ) . '"';
}
function buildLike() {