Last modified: 2014-08-29 19:15:37 UTC
DatabaseBase::addIdentifierQuotes escapes strings for use as an identifier before quoting them. However, DatabaseMysqlBase::addIdentifierQuotes uses a different type of quote (backticks) because of MySQL behavior. Despite this, it still applies default escaping. If any database identifiers happen to have bad characters in them (highly unlikely, but a possibility), then it would cause a problem. This would involve fixing DatabaseMysqlBase to escape the proper characters rather than just calling strencode like it does now.
Change 88533 had a related patch set uploaded by BryanDavis: Escape backticks when quoting MySQL identifiers https://gerrit.wikimedia.org/r/88533
Change 88533 merged by jenkins-bot: Escape backticks when quoting MySQL identifiers https://gerrit.wikimedia.org/r/88533
Is this resolved as the patch is merged?
*** Bug 40959 has been marked as a duplicate of this bug. ***