On 2011-08-16 04:49, Dieter Adriaenssens wrote:
Hi,
I noticed Piotr removed back quotes from a few fields in an SQL query. They were fixed strings (no variables), so they don't really need escaping, but I was under the impression that it is good practice to add back quotes to every field/table/database name in a SQL query, not only the dynamic ones?
I haven't seen any recommendation stating that this is a good practice. After all,
- backquotes are only an escaping mechanism (introduced by MySQL) so phpMyAdmin should add them in all dynamic cases
- SQL purists hate these backquotes