return '';
}
+ // See IDatabase::select for the docs for this function
public function select( $table, $vars, $conds = '', $fname = __METHOD__,
$options = [], $join_conds = [] ) {
$sql = $this->selectSQLText( $table, $vars, $conds, $fname, $options, $join_conds );
// Special-case single values, as IN isn't terribly efficient
// Don't necessarily assume the single key is 0; we don't
// enforce linear numeric ordering on other arrays here.
- $value = array_values( $value );
- $list .= $field . " = " . $this->addQuotes( $value[0] );
+ $value = array_values( $value )[0];
+ $list .= $field . " = " . $this->addQuotes( $value );
} else {
$list .= $field . " IN (" . $this->makeList( $value ) . ") ";
}
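Review bot: `$field` on the added line `$list .= $field . " = " . $this->addQuotes( $value );` is concatenated into the SQL as-is, and only the value goes through addQuotes(); the same holds for the IN branch below it. Since this commit documents which helpers do not sanitize input, a comment would help here, for example `// $field is not escaped; array keys must never come from user input`. Separately, rebinding `$value` from an array to its first element changes the variable's type mid-block; a distinct local such as `$first` would read more clearly. The enclosing function begins and ends outside the hunk.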
* themselves. Pass the canonical name to such functions. This is only needed
* when calling query() directly.
*
+ * @note This function does not sanitize user input. It is not safe to use
+ * this function to escape user input.
* @param string $name Database table name
* @param string $format One of:
* quoted - Automatically pass the table name through addIdentifierQuotes()
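Review bot: The added `@note` says the function does not sanitize input but not what a caller should do instead, so it is easy to read past. Consider spelling out the contract, for example `@note This function does not sanitize user input. Table names must come from code or a fixed allow-list, never from request data.` The same applies to the `@note` added to the quoted-identifier check further down ("A malicious user can trick this function"), which would be clearer if it stated what the check actually inspects. The docblock starts outside the hunk, and the function body is not visible.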
if ( !$alias || (string)$alias === (string)$name ) {
return $name;
} else {
- return $name . ' AS ' . $alias; // PostgreSQL needs AS
+ return $name . ' AS ' . $this->addIdentifierQuotes( $alias ); // PostgreSQL needs AS
}
}
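Review bot: Quoting `$alias` changes what callers get back, and the docblock does not say so. An alias that a caller has already quoted would now be quoted a second time, assuming addIdentifierQuotes() does not detect existing quotes (its body is not in this hunk). A line in the function's doc comment such as `The alias is passed through addIdentifierQuotes(); pass it unquoted.` would make the contract explicit. `$name` is still concatenated as given on both return paths, so the function relies on the caller having resolved and quoted it beforehand. The function starts outside the hunk.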
* Returns if the given identifier looks quoted or not according to
* the database convention for quoting identifiers .
*
+ * @note Do not use this to determine if untrusted input is safe.
+ * A malicious user can trick this function.
* @param string $name
* @return bool
*/
} elseif ( !$this->mTrxAutomatic ) {
// We want to warn about inadvertently nested begin/commit pairs, but not about
// auto-committing implicit transactions that were started by query() via DBO_TRX
- $msg = "$fname: Transaction already in progress (from {$this->mTrxFname}), " .
- " performing implicit commit!";
- wfWarn( $msg );
- wfLogDBError( $msg,
- $this->getLogContext( [
- 'method' => __METHOD__,
- 'fname' => $fname,
- ] )
+ throw new DBUnexpectedError(
+ $this,
+ "$fname: Transaction already in progress (from {$this->mTrxFname}), " .
+ " performing implicit commit!"
);
} else {
- // if the transaction was automatic and has done write operations
+ // The transaction was automatic and has done write operations
if ( $this->mTrxDoneWrites ) {
wfDebug( "$fname: Automatic transaction with writes in progress" .
" (from {$this->mTrxFname}), performing implicit commit!\n"
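Review bot: The exception text still ends with `performing implicit commit!`, but this branch now throws and no commit happens, so the message will mislead whoever reads the error. `"$fname: Transaction already in progress (from {$this->mTrxFname})."` matches the new behaviour. Throwing also drops the structured context (`method`, `fname`) that the removed wfLogDBError() call recorded; that information is lost unless the exception handler logs it. The wfDebug() call at the end of the hunk continues past the visible lines.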