[ticket/16538] Add identifiers quoting

If reserved word is used as identifier, it must be quoted.
If alias is used elsewhere in SQL statement, it must be quoted.

PHPBB3-16535
PHPBB3-16538

phpBB/phpbb/db/driver/driver_interface.php

@@ -464,4 +464,12 @@ interface driver_interface
 	* @return string	A SQL statement like: "IN (1, 2, 3, 4)" or "= 1"
 	*/
 	public function sql_in_set($field, $array, $negate = false, $allow_empty_set = false);
+
+	/**
+	* Quote identifiers used in sql query
+	*
+	* @param	string	$msg	String to be quoted
+	* @return	string		Quoted version of $msg
+	*/
+	public function sql_quote($msg);
 }

phpBB/phpbb/db/driver/factory.php

@@ -456,4 +456,12 @@ class factory implements driver_interface
 	{
 		return $this->get_driver()->sql_in_set($field, $array, $negate, $allow_empty_set);
 	}
+
+	/**
+	* {@inheritdoc}
+	*/
+	public function sql_quote($msg)
+	{
+		return $this->get_driver()->sql_quote($msg);
+	}
 }

phpBB/phpbb/db/driver/mssql_base.php

@@ -76,4 +76,12 @@ abstract class mssql_base extends \phpbb\db\driver\driver
 	{
 		return $data;
 	}
+
+	/**
+	* {@inheritDoc}
+	*/
+	function sql_quote($msg)
+	{
+		return '"' . $msg . '"';
+	}
 }

phpBB/phpbb/db/driver/mysqli.php

@@ -489,4 +489,12 @@ class mysqli extends \phpbb\db\driver\mysql_base
 			break;
 		}
 	}
+
+	/**
+	* {@inheritDoc}
+	*/
+	function sql_quote($msg)
+	{
+		return '`' . $msg . '`';
+	}
 }

phpBB/phpbb/db/driver/oracle.php

@@ -818,4 +818,12 @@ class oracle extends \phpbb\db\driver\driver
 			break;
 		}
 	}
+
+	/**
+	* {@inheritDoc}
+	*/
+	function sql_quote($msg)
+	{
+		return '"' . $msg . '"';
+	}
 }

phpBB/phpbb/db/driver/postgres.php

@@ -497,4 +497,12 @@ class postgres extends \phpbb\db\driver\driver
 			break;
 		}
 	}
+
+	/**
+	* {@inheritDoc}
+	*/
+	function sql_quote($msg)
+	{
+		return '"' . $msg . '"';
+	}
 }

phpBB/phpbb/db/driver/sqlite3.php

@@ -427,4 +427,12 @@ class sqlite3 extends \phpbb\db\driver\driver
 			break;
 		}
 	}
+
+	/**
+	* {@inheritDoc}
+	*/
+	function sql_quote($msg)
+	{
+		return '\'' . $msg . '\'';
+	}
 }