Manual talk:Database access

Thanks for starting this page.

SQL Injection
How safe are these functions against SQL Injection? Does the extension-coder have to take care of this themselves?

select-statement
Where would I find documentation on the select-statement (no, not sql in general)?

I would assume:

$res = $dbr->select(Tables, Fields returned, WHERE-clause, calling function, options);


 * Tables:array of tables, if more then on, where-clause needs a join Example: array('pagelinks', 'page') or just 'page'
 * Fields returned: array of fields returned Example: 'pl_title'
 * WHERE-clause: array which holds all conditions, will be joined with AND (And how do I OR clauses?) Example: array('page_id = pl_from', 'pl_namespace' => NS_TEMPLATE, 'page_namespace' => $disPageObj->getNamespace, 'page_title' => $disPageObj->getDBkey)
 * calling function: just for the fun of it? Example: 'DisambiguationsPage::getSQL'
 * options: seems to be added after the WHERE clause, like LIMIT or ORDER BY

Full example: $res = $dbr->select(array('pagelinks', 'page'),	 	    'pl_title',	             array('page_id = pl_from', 'pl_namespace' => NS_TEMPLATE, 'page_namespace' => $disPageObj->getNamespace, 'page_title' => $disPageObj->getDBkey),		   'DisambiguationsPage::getSQL' );

How do I make queries with OR
Is this possible?

immediateBegin vs. begin
This document suggests using immediateBegin over begin, as begin 'may not do what you expect'. Same for immediateCommit vs. commit. However, the MW source code specifies that both immediateBegin and begin do the same thing, and that immediateBegin is deprecated in favor of begin. Same for commit. Unless anyone objects, I'm going to change the page to state that begin and commit should be used, and that the immediateX have been deprecated. --Msul01 20:50, 12 December 2008 (UTC)