Manual talk:Database access

From MediaWiki.org


Thanks for starting this page.

SQL Injection

How safe are these functions against SQL Injection? Does the extension-coder have to take care of this themselves?

select-statement

Where would I find documentation on the select-statement (no, not sql in general)?

I would assume:

$res = $dbr->select(Tables, Fields returned, WHERE-clause, calling function, options);

Tables:
    array of tables; if more than one, the WHERE clause needs a join
    Example: array('pagelinks', 'page') or just 'page'
Fields returned:
    array of fields returned
    Example: 'pl_title'
WHERE-clause:
    array which holds all conditions, will be joined with AND (And how do I OR clauses?)
    Example: array('page_id = pl_from', 'pl_namespace' => NS_TEMPLATE, 'page_namespace' => $disPageObj->getNamespace(), 'page_title' => $disPageObj->getDBkey())
calling function:
    just for the fun of it?
    Example: 'DisambiguationsPage::getSQL'
options:
    seems to be added after the WHERE clause, like LIMIT or ORDER BY

Full example:

$dbr = wfGetDB( DB_SLAVE ); // read-only (slave) connection
$res = $dbr->select(
	array( 'pagelinks', 'page' ),      // tables; joined by the first condition
	'pl_title',                        // field(s) returned
	array(
		'page_id = pl_from',           // raw SQL join condition
		'pl_namespace'   => NS_TEMPLATE,
		'page_namespace' => $disPageObj->getNamespace(),
		'page_title'     => $disPageObj->getDBkey()
	),                                 // conditions, ANDed together
	'DisambiguationsPage::getSQL'      // calling function, for query logs
);

How do I make queries with OR

Is this possible?
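As an added example (not from this talk page or from MediaWiki's own code), the select() call from the select-statement post above, extended with an OR condition. It assumes $dbr is a read connection and $disPageObj a Title object as in that post, and takes makeList(), LIST_OR and addQuotes() from MediaWiki's Database class rather than from this page.

```php
<?php
// Added example, not from the talk page or MediaWiki itself. It builds the
// pagelinks/page query from the post above with Database::select() and adds
// an OR condition. Assumptions: $dbr is a read connection and $disPageObj a
// Title object, as in the post; makeList(), LIST_OR and addQuotes() are taken
// from MediaWiki's Database class, not from this page.

function selectTemplateLinks( $dbr, $disPageObj, $extraTitle ) {
	// Array conditions: an entry with a string key becomes "key = value" and
	// the value goes through $dbr->addQuotes(), so the caller does not escape
	// it. An entry with an integer key is raw SQL and is inserted as written.
	$conds = array(
		'page_id = pl_from',                          // raw SQL: join condition
		'page_namespace' => $disPageObj->getNamespace(),
		'page_title'     => $disPageObj->getDBkey(),  // quoted by the layer
	);

	// OR: makeList() renders an array of conditions the way select() does,
	// but joins them with OR when given LIST_OR. The returned string is then
	// added as one more (raw) condition and ANDed with the others.
	$conds[] = $dbr->makeList( array(
		'pl_namespace'     => NS_TEMPLATE,
		'page_is_redirect' => 1,
	), LIST_OR );

	// Raw string conditions are the caller's responsibility: quote values with
	// addQuotes() rather than interpolating them ("pl_title = '$extraTitle'").
	$conds[] = 'pl_title != ' . $dbr->addQuotes( $extraTitle );

	return $dbr->select(
		array( 'pagelinks', 'page' ),   // tables; the join is in $conds
		array( 'pl_title', 'pl_namespace' ),
		$conds,                         // joined with AND
		__METHOD__,                     // calling function, shown in query logs
		array( 'ORDER BY' => 'pl_title', 'LIMIT' => 50 )
	);
}

// Usage: the result wrapper is iterable row by row.
// $res = selectTemplateLinks( $dbr, $disPageObj, 'Main_Page' );
// foreach ( $res as $row ) {
// 	echo $row->pl_title, "\n";
// }
```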
