Manual talk:Database access

Thanks for starting this page.

SQL Injection
How safe are these functions against SQL Injection? Does the extension-coder have to take care of this themselves?

select-statement
Where would I find documentation on the select-statement (no, not sql in general)?

I would assume:

$res = $dbr->select(Tables, Fields returned, WHERE-clause, calling function, options);


 * Tables:array of tables, if more then on, where-clause needs a join Example: array('pagelinks', 'page') or just 'page'
 * Fields returned: array of fields returned Example: 'pl_title'
 * WHERE-clause: array which holds all conditions, will be joined with AND (And how do I OR clauses?) Example: array('page_id = pl_from', 'pl_namespace' => NS_TEMPLATE, 'page_namespace' => $disPageObj->getNamespace, 'page_title' => $disPageObj->getDBkey)
 * calling function: just for the fun of it? Example: 'DisambiguationsPage::getSQL'
 * options: seems to be added after the WHERE clause, like LIMIT or ORDER BY

Full example: $res = $dbr->select(array('pagelinks', 'page'),	 	    'pl_title',	             array('page_id = pl_from', 'pl_namespace' => NS_TEMPLATE, 'page_namespace' => $disPageObj->getNamespace, 'page_title' => $disPageObj->getDBkey),		   'DisambiguationsPage::getSQL' );

How do I make queries with OR
Is this possible?