Why is codeigniter using backtics in mysql code?
#11

[eluser]danmontgomery[/eluser]
Code:
SELECT delete FROM table;

is an invalid query, and doesn't delete or select anything. CodeIgniter's field protectors are database specific and are defined in each database's _driver.php class:

mssql_driver.php
Code:
var $_escape_char = '';
mysql_driver.php
Code:
var $_escape_char = '`';
postgre_driver.php
Code:
var $_escape_char = '"';

And so on. I still don't see what the problem is. If you don't want fields escaped in your application, just globally disable the functionality.
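To make the per-driver behaviour above concrete, here is an added example (not CodeIgniter's own code) that quotes an identifier with the three $_escape_char values quoted in the post. The function name quote_identifier() and the driver keys are assumptions for this illustration; it also doubles an escape character that appears inside a name, which is how MySQL and PostgreSQL accept one inside a quoted identifier.

```php
<?php
// Added example, not CodeIgniter's own code. It mirrors the per-driver
// $_escape_char values from mssql_driver.php, mysql_driver.php and
// postgre_driver.php; the function name and driver keys are assumptions.

// Escape character per driver, as set in each *_driver.php.
const ESCAPE_CHARS = [
    'mssql'   => '',    // empty: identifiers are passed through bare
    'mysql'   => '`',
    'postgre' => '"',
];

/**
 * Quote a (possibly dotted) identifier for the given driver, e.g.
 * "table.delete" becomes `table`.`delete` on the mysql driver.
 * An escape character found inside a segment is doubled so the
 * resulting quoted identifier is still well-formed.
 */
function quote_identifier(string $identifier, string $driver): string
{
    if (!array_key_exists($driver, ESCAPE_CHARS)) {
        throw new InvalidArgumentException("unknown driver: $driver");
    }
    $ec = ESCAPE_CHARS[$driver];
    $parts = explode('.', $identifier);
    foreach ($parts as $i => $part) {
        if ($part === '') {
            throw new InvalidArgumentException("empty identifier segment in: $identifier");
        }
        if ($ec === '') {
            // mssql driver as configured above: no quoting at all
            continue;
        }
        $parts[$i] = $ec . str_replace($ec, $ec . $ec, $part) . $ec;
    }
    return implode('.', $parts);
}

// Demo: the reserved-word column and table from the post, per driver.
foreach (['mysql', 'postgre', 'mssql'] as $driver) {
    $col = quote_identifier('delete', $driver);
    $tbl = quote_identifier('table', $driver);
    printf("%-8s SELECT %s FROM %s;\n", $driver, $col, $tbl);
}

// A column name that itself contains the mysql escape character.
echo quote_identifier('weird`name', 'mysql'), "\n";
```

Running it shows the point of the thread: on the mysql and postgre drivers the reserved words come out quoted and the statement is valid, while on the mssql driver as configured with an empty escape character the same statement is still SELECT delete FROM table; and remains invalid. Disabling the escaping globally therefore only works if you also avoid reserved words and escape characters in your own identifiers.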
#12

[eluser]Bart v B[/eluser]
Guys,

That's why I love this forum!
There are some good points that I did not think about.

@heavenquake
With that I agree. You need to do more to get rid of XSS. I understand that.
>If you need code to tell you what to do and what not to do, why are you even coding? :0) ;<
First of all, I agree that you need some theory before you begin. But you can build a house of stone on a wooden foundation; is that okay? ;)

@n0xie
>Now you might say, who would ever use ` or ' in column/table names? To which my response would be, who would ever use reserved words as column/table names? <
Hehe, I have seen worse cases this week, like someone who dared to say phpMyAdmin is the database.
So don't tell me what crazy things there are in this world. ;)

The other point I did not think about, so that's a good point.

@Jelmer,
>The starter that's going to switch databases is going to have more to worry about than just backticks in all likelihood. Also if you're going to risk code like your example you're bound to make much larger and more dangerous mistakes. <
Of course! I agree! But have you never been asked, at the end of a long day of hard work, "Can you fix this for me very quickly?"
Then it gets very dangerous. ;)

@noctrum
I think that you have the best answer.
So it can be disabled. I did not know that.
As I mentioned before, I did not dig into the CI code to see if it's possible.


Thanks guys, I love you all.
(In a polite way ;) )
