> Limits, table names, and several other query parts are protected by
> MediaWiki's query builder. A complex select query might look like this:
>
> $result = $db->select(
>     # Tables
>     array( 'user', 'revision' ),
>     # Fields
>     array( 'user_name', 'rev_timestamp' ),
>     # Conditions (WHERE)
>     array(
>         'user_id=rev_user',
>         'rev_page' => $page_id
>     ),
>     # Query tag, goes into a comment in the SQL
>     __METHOD__,
>     # Options
>     array(
>         'LIMIT' => 10,
>         'ORDER BY' => 'rev_timestamp DESC',
>     )
> );
>
> It even has some degree of DBMS-independence, thanks to creative
> interpretation of the options parameter. This is what I would like to see
> in the PHP core.
>
> -- Tim Starling
The only security risk is $page_id, and it is a variable... with a prepared statement it can be bound...

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
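As an added illustration of the point both messages are making (this is example code, not MediaWiki's query builder and not anything in PHP core): a minimal select() builder that takes the same array shape as the quoted call, but emits PDO placeholders and a bound-parameter list, so a value such as $page_id is sent as data while bare string conditions, table names, fields and ORDER BY are passed through verbatim and therefore must come from trusted code. The buildSelect/runSelect names and the $pdo connection are assumptions.

```php
<?php
// Builds SQL with '?' placeholders from a MediaWiki-style argument list.
// Only the values in key => value conditions are bound; everything else
// is assumed to be developer-written literals (as in the quoted call).
function buildSelect(array $tables, array $fields, array $conds,
                     string $method, array $options = []): array {
    $params = [];
    $where  = [];
    foreach ($conds as $key => $value) {
        if (is_int($key)) {
            // Bare string condition (e.g. 'user_id=rev_user'): passed
            // through unchanged, so it must never be built from user input.
            $where[] = $value;
        } elseif (is_array($value)) {
            // 'col' => [1, 2, 3] becomes col IN (?, ?, ?), one binding each.
            $marks   = implode(', ', array_fill(0, count($value), '?'));
            $where[] = $key . ' IN (' . $marks . ')';
            foreach ($value as $v) { $params[] = $v; }
        } else {
            // 'rev_page' => $page_id becomes rev_page = ? with the value
            // bound, so its content cannot change the query structure.
            $where[]  = $key . ' = ?';
            $params[] = $value;
        }
    }
    $sql = 'SELECT ' . implode(', ', $fields)
         . ' FROM ' . implode(', ', $tables)
         . ($where ? ' WHERE ' . implode(' AND ', $where) : '');
    if (isset($options['ORDER BY'])) {
        $sql .= ' ORDER BY ' . $options['ORDER BY'];
    }
    if (isset($options['LIMIT'])) {
        // LIMIT is forced to an integer rather than interpolated as a string.
        $sql .= ' LIMIT ' . (int) $options['LIMIT'];
    }
    // Query tag as an SQL comment, mirroring __METHOD__ in the original.
    $sql .= ' /* ' . $method . ' */';
    return [$sql, $params];
}

// Prepares and executes the built query; $pdo is an assumed open connection.
function runSelect(PDO $pdo, string $sql, array $params): array {
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input: a hostile-looking $page_id is bound as a literal.
$page_id = "42 OR 1=1";
[$sql, $params] = buildSelect(
    ['user', 'revision'], ['user_name', 'rev_timestamp'],
    ['user_id=rev_user', 'rev_page' => $page_id],
    'example::main', ['LIMIT' => 10, 'ORDER BY' => 'rev_timestamp DESC']
);
```

Calling runSelect($pdo, $sql, $params) then executes the query with rev_page compared against the bound string, not against SQL spliced into the statement.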