https://bugzilla.wikimedia.org/show_bug.cgi?id=20275
--- Comment #3 from Max Semenik <[email protected]> 2009-08-24 18:15:03 UTC ---
(In reply to comment #2)
> Where does the ESCAPE have to go? Right after the LIKE or at the end of the
> query? I'd expect this function to be usable even with additional conditions
> after it. Also remember that there might be parentheses and other fun stuff
> thrown in; make sure you pay attention to associativity.

At the end of the LIKE expression: http://sqlite.org/syntaxdiagrams.html#expr

> I'd call the method like() rather than prepareLike(), and do away with the
> extra escapeSyntax() thing -- just roll it into the like() method and have
> SQLite override that. Also, I'm not sure whether it's better to do 'foo' .
> $dbr->like( 'bar%' ), or $dbr->like( 'foo', 'bar%' ), or what. And if the
> latter, I'm not sure if 'foo' should be assumed to be a table name or taken
> literally. Do we have any similar constructions currently to compare to?

The $dbr->like( 'bar%' ) variant is clearer, but it requires you to take care of its parameter manually, i.e. to escape 'bar' but not '%', if you really mean "all pages starting with 'bar'". To reduce the possibility of creating an unescaped LIKE statement (not calling escapeLike may result in a query that does not do what it is intended to do, not escaping quotes properly is an outright security threat).

My proposed function takes care of most uses of LIKE -- that only need to select things starting with a given string. For those cases where the LIKE statement needs to be much trickier, no predefined function can take care of 100% of cases, that's why I proposed to create escapeSyntax(). People should be able to use it directly when building a query manually.
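The "starts with a given string" case discussed in the comment above, as an added example that is not MediaWiki code and not part of the original message: the prefix's own `%` and `_` are escaped, the `ESCAPE` clause closes the LIKE expression, and the value is bound so quotes cannot break out. The helper names (`escape_like`, `like_prefix`) and the sample `page` table are assumptions made up for this illustration.

```python
import sqlite3

ESC = "\\"  # escape character announced to SQLite through the ESCAPE clause

def escape_like(text, esc=ESC):
    """Neutralise LIKE metacharacters so text can only match itself."""
    # The escape character goes first, otherwise it would be doubled twice.
    for ch in (esc, "%", "_"):
        text = text.replace(ch, esc + ch)
    return text

def like_prefix(column, prefix):
    """Return (sql_fragment, params) meaning "column starts with prefix".

    column must be a trusted identifier, never user input. ESCAPE sits at
    the end of the LIKE expression and the fragment is parenthesised, so
    further conditions can follow it without associativity surprises.
    """
    return f"({column} LIKE ? ESCAPE '{ESC}')", [escape_like(prefix) + "%"]

def titles_starting_with(conn, prefix, namespace=0):
    cond, params = like_prefix("page_title", prefix)
    sql = (f"SELECT page_title FROM page WHERE {cond} "
           "AND page_namespace = ? ORDER BY page_title")
    return [row[0] for row in conn.execute(sql, params + [namespace])]

def naive_titles_starting_with(conn, prefix, namespace=0):
    # Same query without escaping: % and _ inside prefix stay live wildcards.
    sql = ("SELECT page_title FROM page WHERE page_title LIKE ? "
           "AND page_namespace = ? ORDER BY page_title")
    return [row[0] for row in conn.execute(sql, [prefix + "%", namespace])]

def make_db():
    """Constructed sample data, not taken from a real wiki."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE page (page_namespace INTEGER, page_title TEXT)")
    conn.executemany("INSERT INTO page VALUES (?, ?)", [
        (0, "50%_off"), (0, "50_percent"), (0, "500 miles"),
        (1, "50%_off"), (0, "O'Reilly"),
    ])
    return conn

if __name__ == "__main__":
    db = make_db()
    print(titles_starting_with(db, "50%"))        # escaped prefix
    print(naive_titles_starting_with(db, "50%"))  # unescaped prefix
```

The unescaped variant returns every title beginning with "50", which is the "query that does not do what it is intended to do" case; binding the parameter is what covers the quote-escaping case.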
