Manual talk:Database access
From MediaWiki.org
Thanks for starting this page.
SQL Injection
How safe are these functions against SQL Injection? Does the extension-coder have to take care of this themselves?
select-statement
Where would I find documentation on the select-statement (no, not sql in general)?
I would assume:
$res = $dbr->select(Tables, Fields returned, WHERE-clause, calling function, options);
- Tables
  - array of tables; if more than one, the where-clause needs a join
  - Example: array('pagelinks', 'page') or just 'page'
- Fields returned
  - array of fields returned
  - Example: 'pl_title'
- WHERE-clause
  - array which holds all conditions, will be joined with AND (And how do I OR clauses?)
  - Example: array('page_id = pl_from', 'pl_namespace' => NS_TEMPLATE, 'page_namespace' => $disPageObj->getNamespace(), 'page_title' => $disPageObj->getDBkey())
- calling function
  - just for the fun of it?
  - Example: 'DisambiguationsPage::getSQL'
- options
  - seems to be added after the WHERE clause, like LIMIT or ORDER BY
Full example:
$res = $dbr->select(array('pagelinks', 'page'),
'pl_title',
array('page_id = pl_from', 'pl_namespace' => NS_TEMPLATE,
'page_namespace' => $disPageObj->getNamespace(), 'page_title' => $disPageObj->getDBkey()),
'DisambiguationsPage::getSQL' );
How do I make queries with OR
Is this possible?
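
Added example, not part of the original discussion and not MediaWiki's own code: a stand-alone model of the condition-array convention described in the select-statement section, showing why it matters for the SQL injection question and how an OR group fits into an AND list. It assumes PHP with the PDO SQLite driver; buildWhere(), countRows(), the $glue parameter and the sample rows are hypothetical or constructed.

```php
<?php
// Added illustration: a simplified stand-in, NOT MediaWiki's Database class.
// buildWhere(), countRows() and the $glue parameter are hypothetical names.

// Integer keys carry raw SQL fragments (inserted verbatim); string keys are
// field => value pairs whose value is quoted by the database driver.
function buildWhere( PDO $db, array $conds, $glue = 'AND' ) {
    $parts = array();
    foreach ( $conds as $field => $value ) {
        if ( is_int( $field ) ) {
            $parts[] = "($value)"; // raw: the caller is responsible for safety
        } elseif ( is_int( $value ) ) {
            $parts[] = "$field = $value";
        } else {
            $parts[] = "$field = " . $db->quote( (string)$value );
        }
    }
    return implode( " $glue ", $parts );
}

function countRows( PDO $db, $where ) {
    return (int)$db->query( "SELECT COUNT(*) FROM page WHERE $where" )->fetchColumn();
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO( 'sqlite::memory:' );
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$db->exec( 'CREATE TABLE page (page_id INTEGER, page_namespace INTEGER, page_title TEXT)' );
$db->exec( "INSERT INTO page VALUES (1, 0, 'Main_Page'), (2, 10, 'Disambig'), (3, 0, 'Sandbox')" );

// Constructed hostile value standing in for a user-supplied title.
$title = "nothing' OR '1'='1";

$cases = array(
    // Value concatenated into a raw fragment: its quote ends the string literal.
    'raw fragment' => buildWhere( $db, array( "page_title = '$title'" ) ),
    // Same value as field => value: it stays one quoted literal.
    'field => value' => buildWhere( $db, array( 'page_title' => $title ) ),
    // OR: join the alternatives with OR, then pass that as one fragment of the AND list.
    'AND with OR group' => buildWhere( $db, array(
        'page_id > 0',
        buildWhere( $db, array( 'page_namespace' => 10, 'page_title' => 'Main_Page' ), 'OR' ),
    ) ),
);

foreach ( $cases as $label => $where ) {
    printf( "%-18s %d row(s)  WHERE %s\n", $label, countRows( $db, $where ), $where );
}
```

In MediaWiki itself the corresponding calls are `$dbr->makeList( $conds, LIST_OR )` for the OR group and `$dbr->addQuotes()` for any value that has to go into a raw fragment.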
immediateBegin() vs. begin()
This document suggests using immediateBegin() over begin(), as begin() 'may not do what you expect'. Same for immediateCommit() vs. commit(). However, the MW source code specifies that both immediateBegin() and begin() do the same thing, and that immediateBegin() is deprecated in favor of begin(). Same for commit(). Unless anyone objects, I'm going to change the page to state that begin() and commit() should be used, and that the immediateX() have been deprecated. --Msul01 20:50, 12 December 2008 (UTC)

