Always escape identifiers in the set(), setUpdateBatch(), and insertBatch()

[ytetsuro]

Fixed a problem where identifiers were not escaped in the set, setUpdateBatch, and insertBatch methods.

Description

I decided that there was no case where the column name in the set clause did not need to be escaped, so I turned off the unescaping process.
The same goes for the table name when inserting.

see: #2487 (comment)

Checklist:

• Securely signed commits
• Component(s) with PHPdocs
• Unit testing, with >80% coverage
• User guide updated
• Conforms to style guide

[kenjis]

You need to update the PHPdoc.

CodeIgniter4/system/Database/BaseBuilder.php

Line 1343 in ef08b6f

* @param bool|null $escape Whether to escape values and identifiers

And user guide, too.
https://codeigniter4.github.io/CodeIgniter4/database/query_builder.html#set

[ytetsuro]

@kenjis

You need to update the PHPdoc.
And user guide, too.

Thanks, response.
Fixed it.

Thanks to your pointers, I realized that I have a problem similar to this case with the setUpdateBatch and insertBatch identifiers.
Thank you very much.
I've fixed this as well and added a test.

[kenjis]

@ytetsuro
Your commit message like the following means the opposite what you did.

fix: removed unnecessary escaping process in setUpdateBatch as well.

It should be like fix: always escape identifiers in setUpdateBatch()

[ytetsuro]

@kenjis

Your commit message like the following means the opposite what you did.

Thanks, response.

You are right.

Fixed it.💪

[kenjis]

@ytetsuro

The first commit:

fix: Because we have made escaping unnecessary in places where it is not necessary.

Sorry, I don't know what you are saying.

DeepL translation:

逃げることを必要としない場所では、逃げることを不要としたからです。

Google translation:

必要のない場所での脱出を不要にしたからです。

[ytetsuro]

I don't know what you are saying.

Sorry.
Fixed it.💪

[kenjis]

I didn't understand it before, but this change is necessary for the normal use case in Oracle.

The normal use case is when an identifier is quoted and lowercased, like "name".

In this case, if a user specify $escape to false, the identifiers will not be quoted, and Oracle will not find the identifier.
name is not equal to "name".

See https://seeq.atlassian.net/wiki/spaces/KB/pages/443088907/SQL+Column+Names+and+Case+Sensitivity
for Oracle identifier case sensitivity.

[kenjis]

Cancel the approval once.

[ytetsuro]

@kenjis

I'm sorry to have bothered you.
I've aligned the commit messages.

[paulbalandan]

Let us include this change in the user guide changelog.

[ytetsuro]

@paulbalandan

I'm sorry.
I have no experience in writing changelog.

Please tell me.
Is the changelog to be updated using the following procedure?
Is it my CI4 repository to push the release branch?

https://github.com/codeigniter4/CodeIgniter4/blob/0f0c1d6514c0234f4d16bdca0e5e308a39168986/admin/RELEASE.md#codeigniter4

[paulbalandan]

No, not there. I meant here.
https://github.com/codeigniter4/CodeIgniter4/blob/develop/user_guide_src/source/changelogs/v4.1.5.rst

[ytetsuro]

@paulbalandan

Thanks, response.

Fixed it.

[paulbalandan]

Thank you, @ytetsuro