Edit report at http://bugs.php.net/bug.php?id=38196&edit=1
ID: 38196
Comment by: jo at feuersee dot de
Reported by: wasti dot redl at gmx dot net
Summary: quoteIdentifier() in PDO
Status: Open
Type: Feature/Change Request
Package: Feature/Change Request
Operating System: Linux
PHP Version: 5.1.4
Block user comment: N
New Comment:
I agree that the current PDO implementation lacks a portable way to
quote SQL identifiers like table or field names.
Some people will argue that in most cases it's better to avoid quoting
identifiers at all, and I agree. But every database has its own list of
reserved words which can't be used as a field or table name unless
quoted. As it is hardly possible to avoid all reserved words from all
databases (to improve portability between database backends),
implementing such a method in PDO would be a big help.
Alternative suggestion: instead of adding a new method quoteIdentifier()
extend PDO::quote() method to accept a new const PDO::PARAM_IDENTIFIER
which works as follows:
    $sql = sprintf("SELECT %s FROM %s",
        $pdo->quote('field', PDO::PARAM_IDENTIFIER),
        $pdo->quote('table', PDO::PARAM_IDENTIFIER)
    );
$sql would then be
for MySQL backend:
SELECT `field` FROM `table`
for SQLite:
SELECT 'field' FROM 'table'
Previous Comments:
------------------------------------------------------------------------
[2006-07-24 17:49:53] wasti dot redl at gmx dot net
Description:
------------
It would be nice if PDO supported a quoteIdentifier() method like
PEAR::MDB2 does, that quotes strings according to identifier rules of
the DBMS. In other words, I need to use arbitrary strings as field or
table names in a query and would like a DBMS-independent way of quoting
them.
------------------------------------------------------------------------
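One way to write the helper requested in this report, as an added example that is not PDO's API and not code from either commenter. The name quoteIdentifier() is borrowed from the request; the driver list and quote characters are this example's choices (SQLite is quoted with standard SQL double quotes here), and the demo assumes the pdo_sqlite extension is loaded.

```php
<?php
declare(strict_types=1);

/**
 * Quote ONE identifier part (a table or a column name, not "schema.table")
 * for the driver behind $pdo. Hypothetical helper, not part of PDO.
 */
function quoteIdentifier(PDO $pdo, string $name): string
{
    // Empty names and NUL bytes are never valid identifiers.
    if ($name === '' || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('Invalid identifier');
    }

    $driver = $pdo->getAttribute(PDO::ATTR_DRIVER_NAME);
    switch ($driver) {
        case 'mysql':
            $open = $close = '`';
            break;
        case 'pgsql':
        case 'sqlite':
            $open = $close = '"';
            break;
        case 'sqlsrv':
            $open = '[';
            $close = ']';
            break;
        default:
            // Fail closed rather than guess a quoting rule.
            throw new RuntimeException("No identifier quoting rule for driver '$driver'");
    }

    // A closing delimiter inside the name is escaped by doubling it, so the
    // name cannot terminate the quoted identifier early.
    return $open . str_replace($close, $close . $close, $name) . $close;
}

// Demo on an in-memory SQLite database; the names below are constructed samples.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$table  = quoteIdentifier($pdo, 'order');   // reserved word
$column = quoteIdentifier($pdo, 'we"ird');  // embedded quote character

$pdo->exec("CREATE TABLE $table ($column TEXT)");
$stmt = $pdo->prepare("INSERT INTO $table ($column) VALUES (?)"); // values stay bound
$stmt->execute(['value']);
echo $pdo->query("SELECT $column FROM $table")->fetchColumn(), "\n";
```

When an identifier originates from user input, check it against an allow-list of known table and column names before quoting it; quoting keeps the statement well-formed but does not decide which objects a caller may name.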