HomePhabricator

Have Database::addQuotes() pass through bare integers without quoting

Description

Have Database::addQuotes() pass through bare integers without quoting

Quotes started being added to integers in r4984 (August 2004). Before
that, is_numeric() was used to determine whether to add quotes, so
quotes were omitted from numeric strings, which is obviously wrong.

The idea here is to use the type of the variable to hint to the database
as to whether quotes are needed. The results are somewhat inconsistent,
since some callers do not convert numeric strings obtained from user
input to integers. That makes it a more conservative change. Callers can
opt out of unquoted integers by casting them to string.

The reason for doing this is that quoting integers turns out to be not
as harmless as originally assumed. We found a case of it confusing the
MariaDB query planner, causing inappropriate indexes to be used.

I also made addQuotes() consistently return a string, instead of
returning an integer for boolean values. This was already the case for
MySQL, but it seems like a good idea everywhere.

Bug: T238378
Change-Id: I70473280f542ee5ecd79e187f580807410fbd548

Details

Provenance
tstarlingAuthored on Nov 15 2019, 5:35 AM
Parents
rMW66f34f56db49: Merge "Remove unused file mediawiki.special.preferences.styles.css"
Branches
Unknown
Tags
Unknown
ChangeId
I70473280f542ee5ecd79e187f580807410fbd548