Req #38196 [Com]: quoteIdentifier() in PDO

Sat, 02 Oct 2010 01:39:23 -0700 

Edit report at http://bugs.php.net/bug.php?id=38196&edit=1

 ID:                 38196
 Comment by:         + at ni-poc dot com
 Reported by:        wasti dot redl at gmx dot net
 Summary:            quoteIdentifier() in PDO
 Status:             Open
 Type:               Feature/Change Request
 Package:            PDO related
 Operating System:   Linux
 PHP Version:        5.1.4
 Block user comment: N

 New Comment:

This would be especially handy if you try to extend PDO to allow
extended placeholder syntax. In that case you normally simply imply that
` is used as field quote and thus defeat the purpose of using PDO - it
isn't cross-DB-compatible anymore.


Previous Comments:
------------------------------------------------------------------------
[2010-08-02 16:01:24] jo at feuersee dot de

I agree that the current PDO implementation lacks a portable way to
quote SQL identifiers like table or field names. 

Some people will argue that in most cases it's better to avoid quote
identifiers at all, and I agree. But every database has it's own list of
reserved words which can't be used as a field or table name unless
quoted. As it is hardly possible to avoid all reserved words from all
databases (to improve portability between database backends),
implementing such a method in PDO would be a big help.



Alternative suggestion: instead of adding a new method quoteIdentifier()
extend PDO::quote() method to accept a new const PDO::PARAM_IDENTIFIER
which works as follows:



$sql = sprintf("SELECT %s FROM %s",

    $pdo->quote('field', PDO::PARAM_IDENTIFIER),

    $pdo->quote('table', PDO::PARAM_IDENTIFIER)

);



$sql would then be 

for MySQL backend: 

SELECT `field` FROM `table`



for SQLite:

SELECT 'field' FROM 'table'

------------------------------------------------------------------------
[2006-07-24 17:49:53] wasti dot redl at gmx dot net

Description:
------------
It would be nice if PDO supported a quoteIdentifier() method like
PEAR::MDB2 does, that quotes strings according to identifier rules of
the DBMS. In other words, I need to use arbitrary strings as field or
table names in a query and would like a DBMS-independent way of quoting
them.



------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=38196&edit=1

Reply via email to